b'               SPECIAL REPORTS RELATING TO THE\n            FEDERAL EMPLOYEES\' COMPENSATION ACT\n                     SPECIAL BENEFIT FUND\n\n            FOR THE YEAR ENDED SEPTEMBER 30, 2001\n\n\n\n\n                                               U.S. Department of Labor\n                                              Office of Inspector General\n                                        Report Number: 22-02-001-04-431\n                                           Date Issued: NOV 26 2001\n\n                                                 Carmichael\n                                       Brasher Tuvell\nCertified   Public      A c c o u n t a n t s & Company\n\x0cThis audit was performed by Carmichael, Brasher, Tuvell & Company, Certified Public Accountants, under\ncontract to the Inspector General, and, by acceptance, it becomes a report of the Office of Inspector General.\n\n\n\n                                                                               _______________________________\n                                                                                Assistant Inspector General for Audit\n\x0cMEMORANDUM FOR:                SEE DISTRIBUTION LIST\n\n\n\n\nFROM:                         JOHN J. GETEK\n                              Assistant Inspector General\n                               for Audit\n\n\nSUBJECT:                      Special Report Relating to the Federal Employees\xe2\x80\x99 Compensation Act\n                              Special Benefit Fund - FY 2001\n                              Report No. 22-02-001-04-431\n\nAttached is a special report on the Federal Employees\' Compensation Act (FECA) Special Benefit Fund\n(the Fund) that our office prepared to assist in the audit of your agency\'s annual financial statements.\nThe U.S. 
Department of Labor, Employment Standards Administration, Office of Workers\'\nCompensation administers the Fund and the DOL Office of Inspector General is responsible for\nauditing the Fund.\n\nThis special report was prepared by Carmichael, Brasher, Tuvell & Company under contract with the\nOffice of Inspector General, and consists of three separate reports. The first report is an opinion on the\ntotal actuarial liability as of September 30, 2001, and the net intra-governmental accounts receivable\nand the total benefit expense made by the Fund on behalf of the employing agencies for the year then\nended. The second report is an agreed-upon procedures (AUP) report on the schedule of actuarial\nliability and net intra-governmental accounts receivable and benefit expense by Agency. The third\nreport is a service provider report on the policies and procedures placed in operation and tests of the\noperating effectiveness of the Division of Federal Employees\xe2\x80\x99 Compensation Organization for the\nperiod October 1, 2000 through April 30, 2001.\n\nThe sufficiency of the procedures referred to in the agreed-upon procedures report is solely the\nresponsibility of the parties specified in this report. Consequently, neither we nor the firm make any\nrepresentations regarding the sufficiency of the procedures. Because the agreed-upon procedures\nperformed did not constitute an audit, the auditor did not express an opinion on any elements, accounts\nor items as they pertained to the agreed-upon procedures report. Further, the firm has no obligation to\nperform any procedures beyond those listed in the attached report.\n\x0c                                                  -2-\n\nIf you have any comments or suggestions on the contents or sufficiency of this report or the procedures\nperformed that you would like considered for future audits, please send your comments via regular\nmail, facsimile, or e-mail to:\n\n       Michael T. 
McFadden\n       Director, Office of Performance\n         and Financial Accountability Audits\n       U.S. Department of Labor\n       Office of Inspector General\n       200 Constitution Ave., NW, Room S-5022\n       Washington, D.C. 20210\n\n       Fax: (202) 693-5169\n       e-mail: mmcfadden@oig.dol.gov\n\nThis report is available at our web site http://www.oig.dol.gov/public/reports/oa/2002/main.htm\n\nAttachment\n\x0cDISTRIBUTION LIST\n\nD. Cameron Findlay                               Thomas D. Roslewicz\nDeputy Secretary of Labor                        Deputy Inspector General for Audit Services\nU.S. DEPARTMENT OF LABOR                         U.S. DEPARTMENT OF HEALTH\nRoom S-2018                                        AND HUMAN SERVICES\n200 Constitution Ave., N.W.                      330 Independence Ave., SW, Rm 5700\nWashington, DC 20210                             Washington, DC 20201\nfindlay-cameron@dol.gov                          troslewi@os.dhhs.gov\n\nToby Jarman                                      James Heist\nAssistant Inspector General for Audit            Assistant Inspector General for Audit\nU.S. AGENCY FOR INTERNATIONAL                    U.S. DEPARTMENT OF HOUSING AND URBAN\n  DEVELOPMENT                                      DEVELOPMENT\n1300 Pennsylvania Ave., NW                       451 7th Street, SW, Room 8256\nWashington, DC 20523                             Washington, DC 20410\ntjarman@usaid.gov                                jheist@hudoig.gov\n\nRichard D. Long                                  Roger Larouche\nAssistant Inspector General for Audit            Assistant Inspector General for Audits\nU.S. DEPARTMENT OF AGRICULTURE                   U.S. DEPARTMENT OF THE INTERIOR\n12th and Independence Ave., SW, Room 403-E       1849 C St., NW, Mail Stop 5354\nWashington, DC 20250                             Washington, DC 20240\nrdlong@oig.usda.gov                              Roger_Larouche@oig.doi.gov\n\nLarry B. 
Gross                                   Guy Zimmerman\nAssistant Inspector General for Auditing         Assistant Inspector General for Audit\nU.S. DEPARTMENT OF COMMERCE                      U.S. DEPARTMENT OF JUSTICE\n14th and Constitution Ave., NW, Room 7721        1425 New York Ave, N.W.\nWashington, D.C. 20230                           Washington, DC 20530\nlgross@oig.doc.gov                               guyzimmerman@usdoj.gov\n\nDavid K. Steensma                                Richard Berman\nAssistant Inspector General for Auditing         Assistant Inspector General for Audit\nU.S. DEPARTMENT OF DEFENSE                       U.S. DEPARTMENT OF STATE\n400 Army Navy Drive, Room 808                    2201 C Street, NW, Room 6817\nArlington, VA 22202-2884                         Washington, DC 20520-6817\ndsteensma@dodig.osd.mil                          bermanr@state.gov\n\nThomas A. Carter                                 Alexis M. Stefani\nAssistant Inspector General for Audit Services   Assistant Inspector General for Audit\nU.S. DEPARTMENT OF EDUCATION                     U.S. DEPARTMENT OF TRANSPORTATION\n600 Independence Ave., SW, Room 4200-MES         400 Seventh Street, NW, Room 9202\nWashington, DC 20202-1510                        Washington, DC 20590\ntom.carter@ed.gov                                stefania@oig.dot.gov\n\nPhillip Holbrook                                 Dennis Schindel\nAssistant Inspector General for Audit Services   Assistant Inspector General for Audit\nU.S. DEPARTMENT OF ENERGY                        U.S. DEPARTMENT OF THE TREASURY\n1000 Independence Ave., SW                       740 15th Street, NW, Room 600\nWashington, DC 20585                             Washington, DC, 20220\nphil.holbrook@hq.doe.gov                         schindeld@oig.treas.gov\n\x0cMichael Slachta                            Harvey D. Thorp\nAssistant Inspector General for Audit      Assistant Inspector General for Audit\nU.S. 
DEPARTMENT OF VETERANS AFFAIRS        U.S. OFFICE OF PERSONNEL MANAGEMENT\n810 Vermont Ave., NW, Room 756TW           1900 E. Street, NW, Room 6400\nWashington, DC 20420                       Washington, DC 20415-0001\nmichael.slachta@mail.va.gov                hdthorp@opm.gov\n\nJames O. Rauch                             Robert G. Seabrooks\nAssistant Inspector General for Audit      Assistant Inspector General -Audit\nU.S. ENVIRONMENTAL PROTECTION AGENCY       SMALL BUSINESS ADMINISTRATION\n401 M Street, SW, (NE-3606)                409 3rd Street, SW, 7th Floor\nWashington, DC 20460                       Washington, DC 20416\nrauch.james@epa.gov                        robert.seabrooks@sba.gov\n\nNancy Hendricks                            Steven L. Schaeffer\nAssistant Inspector General for Audit      Assistant Inspector General for Audit\nFEDERAL EMERGENCY MANAGEMENT               SOCIAL SECURITY ADMINISTRATION\nAGENCY                                     6401 Security Boulevard, Suite 4-G-1 Opers\n500 C Street, SW, Suite 506                Baltimore, MD 21235\nWashington, DC 20472                       steven.schaeffer@ssa.gov\nnancy.hendricks@fema.gov\n                                           Ben R. Wagner\nEugene L. Wesley                           Assistant Inspector General for Audit\nAssistant Inspector General for Auditing   TENNESSEE VALLEY AUTHORITY\nGENERAL SERVICES ADMINISTRATION            400 West Summit Hill Drive, Room ET4C\n18th and F Streets, NW, Room 5308          Knoxville, TN 37902-1499\nWashington, DC 20405                       br.wagner@tva.gov\neugene.wesley@gsa.gov\n                                           Thomas R. Denneny\nAlan Lamoreaux                             Acting Deputy Chief Inspector\nAssistant Inspector General for Auditing   U.S. 
POSTAL INSPECTION SERVICE\nNASA                                       475 L\'Enfant Plaza West, SW, Room 3014\n300 E Street, SW, Code W, Room 8T79        Washington, DC 20260-2190\nWashington, DC 20546                       trdenneny@uspis.gov\nalamorea@hq.nasa.gov\n                                           Deborah Ritt\nDeborah H. Cureton                         Assistant Inspector General for Audit\nAssistant Inspector General for Audit      U.S. POSTAL SERVICE\nNATIONAL SCIENCE FOUNDATION                1735 North Lynn St.\n4201 Wilson Blvd., Room 1135               Arlington, VA 22209-2005\nArlington, VA 22230                        dritt@usps.oig.gov\ndcureton@nsf.gov\n                                           James Speer\nStephen Dingbaum                           Auditor General\nAssistant Inspector General for Audit      U.S. AIR FORCE AUDIT AGENCY\nNUCLEAR REGULATORY COMMISSION              1120 Air Force Pentagon\nMail Stop T5 D28                            Room 4E168\nWashington, DC 20555                       Washington, DC 20330-1120\nsdd@nrc.gov                                james.speer@pentagon.af.mil\n\x0cFrancis E. Reardon                   Robert Dacey\nAuditor General                      Director, Consolidated Audit and Computer\nU.S. ARMY AUDIT AGENCY                 Security Issues\n3101 Park Center Drive, Room 1301    GENERAL ACCOUNTING OFFICE\nAlexandria, VA 22302-1596            441 G Street, NW, Room 5T37\nfrancis.reardon@aaa.army.mil         Washington, DC 20548\n                                     daceyr@gao.gov\nRichard A. Leach\nAuditor General                      Sheila Conley\nU.S. 
NAVAL AUDIT SERVICE             OFFICE OF MANAGEMENT AND BUDGET\nWashington Navy Yard, Building 219   NEOB, Room 6025\n1006 Beatty Place, SE                725 17th Street, NW\nWashington, DC 20374-5005            Washington, DC 20503\nleach.richard@hq.navy.mil            sconley@omb.eop.gov\n\x0c[This page intentionally left blank.]\n\x0c                                                                                       Carmichael\n                                                                              Brasher Tuvell\nCertified                           Public                    A c c o u n t a n t s & Company\n\n                                                          Table of Contents\n\nAcronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . i\n\nI.        A.         Independent Auditors\' Report on the Schedule of Actuarial Liability,\n                           Net Intra-Governmental Accounts Receivable and Benefit Expense . . . . . 1\n\n          B.         Schedule of Actuarial Liability, Net Intra-Governmental Accounts\n                           Receivable and Benefit Expense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2\n\nII.       A.         Independent Accountants\' Report on Applying Agreed-Upon Procedures . . . . . . 7\n\n          B.         Schedules\n\n                     1.         Schedule of Actuarial Liability by Agency . . . . . . . . . . . . . . . . . . . . . . . . . 9\n\n                     2.         Schedule of Net Intra-Governmental Accounts Receivable by Agency . . 11\n\n                     3.         Schedule of Benefit Expense by Agency . . . . . . . . . . . . . . . . . . . . . . . . . . . 13\n\n          C.         Agreed-Upon Procedures and Results\n                     Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .    
15\n                     Actuarial Liability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .      16\n                     Net Intra-Governmental Accounts Receivable . . . . . . . . . . . . . . . . . . . . . . . . . . .                           23\n                     Benefit Expense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .      25\n\nIII.      A.         Independent Service Auditors\' Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .                     27\n          B.         Division of Federal Employees\' Compensation\xe2\x80\x99s\n                            Policies and Procedures\n                     Overview of Services Provided . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .                29\n                     Overview of Control Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .                    33\n                     Overview of Transaction Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .                   36\n                     Overview of Computer Information Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . .                           42\n                     Control Objectives and Related Policies and Procedures . . . . . . . . . . . . . . . . . . .                               45\n                     User Control Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .              45\n\n          C.         Information Provided by the Service Auditor\n                     Tests of Control Environment Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .                      46\n                     Sampling Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .             
46\n                     Control Objectives, Related Policies and Procedures,\n                            and Tests of Described Policies and Procedures . . . . . . . . . . . . . . . . . . . .                              51\n                            General Computer Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .                   52\n                            Transaction Processing Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .                     66\n\x0c[This page intentionally left blank.]\n\x0c                                     ACRONYMS\n\n\n\nACPS      Automated Compensation Payment System\nADP       Automatic Data Processing\nAID       Agency for International Development\nBPS       Bill Payment System\nBLS       Bureau of Labor Statistics\nCBS       Chargeback System\nCDSI      Computer Data System, Inc.\nCE        Claims Examiner\nCFO       Chief Financial Officer\nCFR       Code of Federal Regulations\nCMF       Case Management File System\nCOLA      Cost of Living Allowance\nCOP       Continuation of Pay\nCPI       Consumer Price Index\nCPI-U     Consumer Price Index for all Urban Consumers\nCPI-Med   Consumer Price Index for Medical\nDBMS      Data Based Management System\nDITMS     Division of Information Technology Management and Services\nDCE       Designated Claims Examiner\nDD        District Director\nDFEC      Division of Federal Employees\' Compensation\nDMA       District Medical Advisor\nDMD       District Medical Director\nDO        District Office\nDOL       United States Department of Labor\nDOLAR$    Department of Labor Accounting and Related Systems\nDPPS      Division of Planning, Policy and Standards\nDRP       Disaster Recovery Plan\nEDP       Electronic Data Processing\nEPA       Environmental Protection Agency\nESA       Employment Standards Administration\nFCS       Fund Control System\nFECA      Federal Employees\' Compensation Act\nFEMA      Federal Emergency 
Management Agency\nFISCAM    Federal Information System Controls Application Manual\nFMFIA     Federal Managers\' Financial Integrity Act\nGSA       General Services Administration\n\n\n\n\n                                           i\n\x0c                                     ACRONYMS\n\n\nHBI       Health Benefit Insurance\nHHS       U.S. Department of Health and Human Services\nHUD       U.S. Department of Housing and Urban Development\nIBNR      Incurred But Not Reported\nIS        Information Systems\nLBP       Liability Benefits Paid (ratio)\nLWEC      Loss of Wage Earning Capacity\nNASA      National Aeronautics and Space Administration\nNRC       Nuclear Regulatory Commission\nNSF       National Science Foundation\nOIG       Office of Inspector General\nOLI       Optional Life Insurance\nOMAP      Office of Management and Planning\nOMB       Office of Management and Budget\nOPAC      On-line Payment and Collection System\nOPM       Office of Personnel Management\nOWCP      Office of Workers\' Compensation Programs\nRS        Rehabilitation Specialist\nSAS 70    Statement on Auditing Standards, Number 70\nSBA       Small Business Administration\nSCE       Senior Claims Examiner\nSDLC      System Development Life Cycle\nSFFAS     Statement of Federal Financial Accounting Standards\nSOL       Solicitor of Labor\nSSA       Social Security Administration\nSunGard   SunGard Computer Services, Inc.\nTTD       Temporary Total Disability\nU.S.C.    United States Code\nUSPS      United States Postal Service\nVA        U.S. 
Department of Veterans Affairs\n\n\n\n\n                                            ii\n\x0c                                                                    Carmichael\n                                                               Brasher Tuvell\nCertified                  Public              A c c o u n t a n t s & Company\n                                                                           678-443-9200\n                                                                 Facsimile 678-443-9700\n                                                                       www.cbtcpa.com\n\n\n                                    SECTION IA\n                       INDEPENDENT AUDITORS\' REPORT ON THE\n                         SCHEDULE OF ACTUARIAL LIABILITY,\n                  NET INTRA-GOVERNMENTAL ACCOUNTS RECEIVABLE\n                               AND BENEFIT EXPENSE\n\nD. Cameron Findlay, Deputy Secretary of Labor\nEmployment Standards Administration, U.S. Department of Labor,\nGeneral Accounting Office, Office of Management and Budget and Other Specified Agencies:\n\nWe have audited the accompanying Schedule of Actuarial Liability, Net Intra-Governmental Accounts\nReceivable and Benefit Expense (the Schedule) of the Federal Employees\' Compensation Act Special\nBenefit Fund as of and for the year ended September 30, 2001. This schedule is the responsibility of the\nU.S. Department of Labor\'s management. 
Our responsibility is to express an opinion on this schedule\nbased on our audit.\n\nWe conducted our audit in accordance with auditing standards generally accepted in the United States of\nAmerica, Government Auditing Standards, issued by the Comptroller General of the United States, and\nthe applicable provisions of OMB Bulletin 01-02, Audit Requirements for Federal Financial Statements.\nThose standards require that we plan and perform the audit to obtain reasonable assurance about whether\nthe Schedule of Actuarial Liability, Net Intra-Governmental Accounts Receivable and Benefit Expense is\nfree of material misstatement. An audit includes examining, on a test basis, evidence supporting the\namounts and disclosures in the Schedule of Actuarial Liability, Net Intra-Governmental Accounts\nReceivable and Benefit Expense. An audit also includes assessing the accounting principles used and\nsignificant estimates made by management, as well as evaluating the overall schedule presentation. We\nbelieve that our audit provides a reasonable basis for our opinion.\n\nIn our opinion, the Schedule of Actuarial Liability, Net Intra-Governmental Accounts Receivable and\nBenefit Expense referred to above presents fairly, in all material respects, the actuarial liability, net intra-\ngovernmental accounts receivable and benefit expense of the Federal Employees\' Compensation Act Special\nBenefit Fund as of and for the year ended September 30, 2001, in conformity with accounting principles\ngenerally accepted in the United States of America.\n\nThis report is intended solely for the information and use of the U.S. 
Department of Labor, General\nAccounting Office, Office of Management and Budget and those Federal agencies listed in Section IIB of\nthis report and is not intended to be and should not be used by anyone other than these specified parties.\n\n\n\nNovember 26, 2001\n\n\n1647     Mount      Vernon       Road,      Dunwoody        Exchange,        Atlanta,     Georgia       30338\n                                                  1\n\x0c                              SECTION IB\n                     U.S. DEPARTMENT OF LABOR\n              EMPLOYMENT STANDARDS ADMINISTRATION\n              FEDERAL EMPLOYEES\' COMPENSATION ACT\n                        SPECIAL BENEFIT FUND\n                 SCHEDULE OF ACTUARIAL LIABILITY,\n         NET INTRA-GOVERNMENTAL ACCOUNTS RECEIVABLE\n                        AND BENEFIT EXPENSE\n          AS OF AND FOR THE YEAR ENDED SEPTEMBER 30, 2001\n\n                                                                             (Dollars in\n                                                                            Thousands)\n\n\nActuarial Liability                                                        $ 24,994,376\n\n\nNet Intra-governmental Accounts Receivable                                 $ 3,365,092\n\n\nBenefit Expense                                                            $ 5,145,882\n\n\n\n\n                       See independent auditors\' report.\n           The accompanying notes are an integral part of this schedule.\n\n                                        2\n\x0c                              SECTION IB\n            NOTES TO THE SCHEDULE OF ACTUARIAL LIABILITY,\n            NET INTRA-GOVERNMENTAL ACCOUNTS RECEIVABLE\n                         AND BENEFIT EXPENSE\n            AS OF AND FOR THE YEAR ENDED SEPTEMBER 30, 2001\n\n1.   SIGNIFICANT ACCOUNTING POLICIES\n\n     a.   
Basis of Presentation\n\n          This schedule has been prepared to report the actuarial liability, net intra-governmental\n          accounts receivable and benefit expense of the Federal Employees\' Compensation Act\n          (FECA) Special Benefit Fund, as required by the CFO Act of 1990. The Special Benefit\n          Fund was established by the Federal Employees\' Compensation Act, to provide for the\n          financial needs resulting from compensation and medical benefits authorized under the Act.\n          The U.S. Department of Labor (DOL), Employment Standards Administration (ESA) is\n          charged with the responsibility of operating the Special Benefit Fund under the provisions\n          of the Act. The schedule has been prepared from the accounting records of the Special\n          Benefit Fund.\n\n          The actuarial liability, net intra-governmental accounts receivable and benefit expense of\n          the Special Benefit Fund have been considered specified accounts for the purpose of this\n          special report and have been reported thereon. ESA is responsible for providing annual\n          data to the CFO Act and other specified agencies. FECA\'s annual data is defined as the\n          actuarial liability of the Special Benefit Fund. This annual data is necessary for the CFO\n          Act and other specified agencies to support and prepare their respective financial\n          statements.\n\n          The actuarial liability for future workers\' compensation benefits is an accrued estimate as\n          of September 30, 2001. The net intra-governmental accounts receivable is the amount due\n          from Federal agencies for benefit payments paid to employees of the employing agency. 
The\n          net intra-governmental accounts receivable includes amounts which were billed to the\n          employing agencies through June 30, 2001, but not paid as of September 30, 2001,\n          including prior years, if applicable, plus the accrued receivable for benefit payments not yet\n          billed for the period July 1, 2001 through September 30, 2001, less credits due from the\n          public.\n\n          Benefit payments are intended to provide income and medical cost protection to covered\n          Federal civilian employees injured on the job, employees who have incurred a work-related\n          occupational disease and beneficiaries of employees whose death is attributable to job-\n          related injury or occupational disease. The actuarial liability is computed from the benefits\n          paid history. The benefits paid, inflation and interest rate assumptions, and other economic\n          factors are applied to the actuarial model which calculates the liability estimate.\n\n\n\n\n                                                3\n\x0c                                 SECTION IB\n               NOTES TO THE SCHEDULE OF ACTUARIAL LIABILITY,\n               NET INTRA-GOVERNMENTAL ACCOUNTS RECEIVABLE\n                            AND BENEFIT EXPENSE\n               AS OF AND FOR THE YEAR ENDED SEPTEMBER 30, 2001\n\n     b.     Basis of Accounting\n\n            The accounting and reporting policies of the Federal Employees\' Compensation Act Special\n            Benefit Fund relating to the Schedule conforms to accounting principles generally accepted\n            in the United States.\n\n            The actuarial liability for future workers\' compensation benefits is an accrued estimate as\n            of September 30, 2001. 
Net intra-governmental accounts receivable is the total of the\n            amounts billed to Federal agencies which had not yet been paid plus the accrued receivable\n            for benefit payments not yet billed for the period July 1, 2001 through September 30, 2001,\n            less credits due from the public. Benefit expense consists of payments paid and accrued for\n            the period from October 1, 2000 to September 30, 2001, plus the net change in the actuarial\n            liability for the year.\n\n            Statement of Federal Financial Accounting Standards (SFFAS) Number 5, Section 138,\n            Accounting for Liabilities of the Federal Government, requires that a contingent liability\n            be recognized when three conditions are met. First, a past event or exchange transaction\n            has occurred. Second, a future outflow or other sacrifice of resources is probable. Finally,\n            the future outflow or sacrifice of resources is measurable. Claims which had been incurred\n            but not reported (IBNR) are included in the actuarial liability. Therefore, the actuarial\n            liability represents the estimated present value of future compensation and medical\n            payments based upon approved claims, plus a component for incurred but not reported\n            claims.\n\n\n2.   ACTUARIAL LIABILITY (FUTURE WORKERS\' COMPENSATION BENEFITS)\n\n     The Special Benefit Fund was established under the authority of the Federal Employees\'\n     Compensation Act to provide income and medical cost protection to covered Federal civilian\n     employees injured on the job, employees who have incurred a work-related occupational disease\n     and beneficiaries of employees whose death is attributable to a job-related injury or occupational\n     disease. 
The fund is reimbursed by other Federal agencies for the FECA benefit payments made\n     on behalf of their workers.\n\n     The actuarial liability for future workers\xe2\x80\x99 compensation reported on the schedule includes the\n     expected liability for death, disability, medical and miscellaneous costs for approved cases. The\n     liability is determined using a method that utilizes historical benefit payment patterns related to a\n     specific incurred period to predict the ultimate payments related to that period.\n\n\n\n                                                  4\n\x0c                                 SECTION IB\n               NOTES TO THE SCHEDULE OF ACTUARIAL LIABILITY,\n               NET INTRA-GOVERNMENTAL ACCOUNTS RECEIVABLE\n                            AND BENEFIT EXPENSE\n               AS OF AND FOR THE YEAR ENDED SEPTEMBER 30, 2001\n\n     Consistent with past practice, these projected annual benefit payments have been discounted to\n     present value using the Office of Management and Budget\'s (OMB) economic assumptions for 10-\n     year Treasury notes and bonds.\n\n     The interest rate assumptions utilized for discounting were as follows:\n\n                                    5.21% in year 1 and thereafter.\n\n     To provide more specifically for the effects of inflation on the liability for future workers\'\n     compensation benefits, wage inflation factors (cost of living allowance or COLA) and medical\n     inflation factors (consumer price index-medical or CPI-Med) are applied to the calculation of\n     projected future benefits. 
These factors are also used to adjust the historical payments to current\n     year constant dollars.\n\n     The compensation COLA and the CPI-Med used in the model\'s calculation of estimates were as\n     follows:\n\n             FY        COLA         CPI-Med          FY       COLA         CPI-Med\n            1990       4.43%        8.40%            1998     2.70%        2.77%\n            1991       5.03%        9.36%            1999     1.53%        3.50%\n            1992       5.00%        7.96%            2000     1.97%        3.70%\n            1993       2.83%        6.61%            2001     2.93%        4.42%\n            1994       2.77%        5.27%            2002     3.33%        4.44%\n            1995       2.57%        4.72%            2003     3.00%        4.15%\n            1996       2.63%        3.99%            2004     2.56%        4.09%\n            1997       2.77%        3.11%            2005+    2.50%        4.09%\n\n     The medical inflation rates presented are the average of published quarterly rates covering the\n     benefit payment fiscal year. The compensation inflation rates presented are the blended rates used\n     by the model rather than the published March 1 FECA-COLA factor from which the blended rates\n     are derived.\n\n3.   NET INTRA-GOVERNMENTAL ACCOUNTS RECEIVABLE\n\n     Net intra-governmental accounts receivable is the total of the amounts billed to Federal agencies\n     which had not yet been paid as of September 30, 2001, plus the accrued receivable for benefit\n     payments not yet billed for the period July 1, 2001 through September 30, 2001, less applicable\n     credits. 
     The Special Benefit Fund also receives an appropriation for the special cases where
     employing agencies are not charged for compensation or medical bill payments.

     Other agencies for whom the Fund does not receive an appropriation recognize the amount of the
     current chargeback billing as an expense. Some of these agencies receive, as part of their annual
     appropriation, funding for FECA benefits.

     In addition, certain corporations and instrumentalities are assessed under the Federal Employees'
     Compensation Act for a fair share of the costs of administering disability claims filed by their
     employees. The fair share costs are included in the net intra-governmental accounts receivable.

4.   BENEFIT EXPENSE

     Benefits paid and accrued consists of benefit payments for compensation for lost wages, schedule
     awards, death benefits and medical benefits paid and accrued under FECA for the period October
     1, 2000 through September 30, 2001, plus the net change in the actuarial liability for the year. The
     amount paid and accrued for compensation for lost wages, schedule awards, death benefits and
     medical benefits totaled $2.201 billion. The net change in the actuarial liability for the year was
     $2.945 billion.
     The total amount of benefit expense for the fiscal year was $5.146 billion.


Carmichael, Brasher, Tuvell & Company
Certified Public Accountants
678-443-9200
Facsimile 678-443-9700
www.cbtcpa.com


                                      SECTION IIA
                          INDEPENDENT ACCOUNTANTS' REPORT
                         ON APPLYING AGREED-UPON PROCEDURES


D. Cameron Findlay, Deputy Secretary of Labor
Employment Standards Administration, U.S. Department of Labor,
General Accounting Office, Office of Management and Budget and Other Specified Agencies:

We have performed the procedures described in the Agreed-Upon Procedures and Results, Section IIC,
which were agreed to by the U.S. Department of Labor, General Accounting Office, Office of Management
and Budget, the CFO Act agencies and other specified agencies listed in the Schedules of Actuarial
Liability by Agency, Net Intra-Governmental Accounts Receivable by Agency and Benefit Expense by
Agency, Section IIB-1, 2 and 3 (the parties specified) of this special report, solely to assist you and such
agencies with respect to the accompanying Schedules of Actuarial Liability by Agency, Net
Intra-Governmental Accounts Receivable by Agency and Benefit Expense by Agency (Section IIB 1, 2 and 3,
respectively) of the Federal Employees' Compensation Act Special Benefit Fund as of and for the year
ended September 30, 2001.

The Department of Labor is responsible for the Schedules (Section IIB 1, 2 and 3).
The Schedule of
Actuarial Liability by Agency at September 30, 2001, represents the present value of the estimated future
benefits to be paid pursuant to the Federal Employees' Compensation Act. The Schedule of Net
Intra-Governmental Accounts Receivable by Agency is the total of the amounts billed to Federal agencies
through June 30, 2001 which had not yet been paid as of September 30, 2001 plus the accrued receivable
for benefit payments not yet billed for the period July 1, 2001 through September 30, 2001, less the credits
due from the public. The Schedule of Benefit Expense by Agency is the benefits paid and accrued for the
fiscal year ended September 30, 2001, plus the net change in the actuarial liability for the year.

This agreed-upon procedures engagement was conducted in accordance with attestation standards
established by the American Institute of Certified Public Accountants and with Government Auditing
Standards, issued by the Comptroller General of the United States.

An actuary was engaged to perform certain procedures relating to the actuarial liability as described in
Section IIC.

1647 Mount Vernon Road, Dunwoody Exchange, Atlanta, Georgia 30338

We express no opinion on the Federal Employees' Compensation Act Special Benefit Fund's internal
controls over financial reporting or any part thereof.

The sufficiency of the procedures is solely the responsibility of the parties specified in this report.
Consequently, we make no representation regarding the sufficiency of the procedures described in Section
IIC either for the purpose for which this report has been requested or for any other purpose.
Our agreed-upon procedures and results are presented in Section IIC of this report.

We were not engaged to, and did not perform an audit of the Schedules of Actuarial Liability by Agency,
Net Intra-Governmental Accounts Receivable by Agency and Benefit Expense by Agency, the objective
of which is the expression of an opinion on the Schedules or a part thereof. Accordingly, we do not
express such an opinion. Had we performed additional procedures, other matters might have come to our
attention that would have been reported to you.

This report should not be used by those who have not agreed to the procedures and taken responsibility
for the sufficiency of the procedures for their purposes. This report is intended solely for the information
and use of the U.S. Department of Labor, General Accounting Office, Office of Management and Budget
and those Federal agencies (listed in Section IIB) of this report and is not intended to be and should not
be used by anyone other than these specified parties.

November 26, 2001


                                     SECTION IIB-1
                             U.S. DEPARTMENT OF LABOR
                      EMPLOYMENT STANDARDS ADMINISTRATION
                       FEDERAL EMPLOYEES' COMPENSATION ACT
                                SPECIAL BENEFIT FUND
                    SCHEDULE OF ACTUARIAL LIABILITY BY AGENCY
                              AS OF SEPTEMBER 30, 2001

(Dollars in thousands)

                                                         Actuarial
AGENCY                                                   Liability
Agency for International Development (AID)                 $30,905
Environmental Protection Agency (EPA)                       39,633
Federal Emergency Management Agency (FEMA)                  25,241
General Services Administration (GSA)                      198,853
National Aeronautics and Space Administration (NASA)        69,672
National Science Foundation (NSF)                            1,806
Nuclear Regulatory Commission (NRC)                         10,849
Office of Personnel Management (OPM)                        13,752
United States Postal Service (USPS)                      7,399,470
Small Business Administration (SBA)                         32,255
Social Security Administration (SSA)                       278,345
Tennessee Valley Authority                                 657,530
U. S. Department of Agriculture                            878,963
U. S. Department of the Air Force                        1,529,893
U. S. Department of the Army                             1,955,183
U. S. Department of Commerce                               223,716
U. S. Department of Defense - other                        954,116
U. S. Department of Education                               22,723
U. S. Department of Energy                                  95,748
U. S. Department of Health and Human Services              293,355
U. S. Department of Housing and Urban Development           84,758
U. S. Department of the Interior                           663,471
U. S. Department of Justice                             $1,193,590
U. S. Department of Labor                                  250,278
U. S. Department of the Navy                             2,968,541
U. S. Department of State                                   56,645
U. S. Department of Transportation                       1,202,987
U. S. Department of the Treasury                         1,076,106
U. S. Department of Veterans Affairs (VA)                1,812,675
Other agencies (1)                                         973,317
Total - all agencies (Memo Only)                       $24,994,376

(1) Non-billable and other agencies for which ESA has not individually calculated an actuarial liability.


                                     SECTION IIB-2
                             U.S. DEPARTMENT OF LABOR
                      EMPLOYMENT STANDARDS ADMINISTRATION
                       FEDERAL EMPLOYEES' COMPENSATION ACT
                                SPECIAL BENEFIT FUND
                       SCHEDULE OF NET INTRA-GOVERNMENTAL
                          ACCOUNTS RECEIVABLE BY AGENCY
                              AS OF SEPTEMBER 30, 2001

(Dollars in thousands)

                                                                         Amounts                    Net Intra-
                                                          Amounts       Expended        Credits   Governmental
                                                       Billed Not        Not Yet       Due from       Accounts
AGENCY                                               Yet Paid (1)     Billed (2)     Public (3) Receivable (4)
Agency for International Development                       $6,591           $854          ($30)         $7,415
Environmental Protection Agency                             6,807            993           (33)          7,767
Federal Emergency Management Agency                         4,762            668           (24)          5,406
General Services Administration                            32,806          4,636          (162)         37,280
National Aeronautics and Space Administration              13,651          1,980           (71)         15,560
National Science Foundation                                   267             31            (1)            297
Nuclear Regulatory Commission                               1,547            241            (8)          1,780
Office of Personnel Management                              2,110            307           (10)          2,407
United States Postal Service                               55,092        221,770        (7,095)        269,767
Small Business Administration                               4,606            731           (24)          5,313
Social Security Administration                             39,753          6,039          (195)         45,597
Tennessee Valley Authority                                 67,046         17,680          (585)         84,141
U. S. Department of Agriculture                           131,508         19,347          (657)        150,198
U. S. Department of the Air Force                         262,240         38,377        (1,320)        299,297
U. S. Department of the Army                              268,863         39,777        (1,334)        307,306
U. S. Department of Commerce                               32,437          5,090          (209)         37,318
U. S. Department of Defense - other                       159,336         22,706          (790)        181,252
U. S. Department of Education                               3,278          1,541           (18)          4,801
U. S. Department of Energy                                 14,773          2,625           (90)         17,308
U. S. Department of Health and Human Services              42,283          6,474          (212)         48,545
U. S. Department of Housing and Urban Development          14,596          2,035           (73)         16,558
U. S. Department of the Interior                           98,923         14,497          (495)        112,925
U. S. Department of Justice                               175,616         26,531          (898)        201,249
U. S. Department of Labor                                  47,169          7,823          (262)         54,730
U. S. Department of the Navy                              488,466         68,422        (2,431)        554,457
U. S. Department of State                                  15,745          2,349           (80)         18,014
U. S. Department of Transportation                        196,181         28,854          (979)        224,056
U. S. Department of the Treasury                          162,102         26,088          (822)        187,368
U. S. Department of Veterans Affairs                      288,264         43,373        (1,437)        330,200
Other agencies                                            116,264         21,127          (611)        136,780
Total - all agencies (Memo Only)                       $2,753,082       $632,966      ($20,956)     $3,365,092

(1) Amounts billed through June 30, 2001 (including prior years) but not yet paid as of September 30, 2001.
(2) Amounts expended but not yet billed for the period July 1, 2001 through September 30, 2001.
(3) Allocation of credits due from public through September 30, 2001.
(4) Total amount due to the fund for each agency as of September 30, 2001.


                                     SECTION IIB-3
                             U.S. DEPARTMENT OF LABOR
                      EMPLOYMENT STANDARDS ADMINISTRATION
                       FEDERAL EMPLOYEES' COMPENSATION ACT
                                SPECIAL BENEFIT FUND
                      SCHEDULE OF BENEFIT EXPENSE BY AGENCY
                  AS OF AND FOR THE YEAR ENDED SEPTEMBER 30, 2001

(Dollars in thousands)

                                                         Benefits      Change in          Total
                                                         Paid and      Actuarial        Benefit
AGENCY                                                    Accrued      Liability        Expense
Agency for International Development                       $2,964         $1,086         $4,050
Environmental Protection Agency                             3,333          5,960          9,293
Federal Emergency Management Agency                         2,381          3,245          5,626
General Services Administration                            16,228         19,857         36,085
National Aeronautics and Space Administration               7,339          8,091         15,430
National Science Foundation                                   108             39            147
Nuclear Regulatory Commission                                 839          2,619          3,458
Office of Personnel Management                              1,044          1,016          2,060
United States Postal Service                              738,581      1,101,040      1,839,621
Small Business Administration                               2,359          1,509          3,868
Social Security Administration                             20,358         38,931         59,289
Tennessee Valley Authority                                 60,746         71,142        131,888
U. S. Department of Agriculture                            67,353        110,431        177,784
U. S. Department of the Air Force                         133,926        192,692        326,618
U. S. Department of the Army                              170,515        223,505        394,020
U. S. Department of Commerce                               20,368         68,069         88,437
U. S. Department of Defense - other                        64,679         78,010        142,689
U. S. Department of Education                               1,797          3,903          5,700
U. S. Department of Energy                                  9,158         11,263         20,421
U. S. Department of Health and Human Services              21,513         29,462         50,975
U. S. Department of Housing and Urban Development           7,373         10,105         17,478
U. S. Department of the Interior                           50,716         78,641        129,357
U. S. Department of Justice                                90,953       $208,077        299,030
U. S. Department of Labor                                  20,973         28,998         49,971
U. S. Department of the Navy                              248,162        303,107        551,269
U. S. Department of State                                   6,925          6,729         13,654
U. S. Department of Transportation                         99,446        116,242        215,688
U. S. Department of the Treasury                           85,117        160,468        245,585
U. S. Department of Veterans Affairs                      147,582        227,644        375,226
Other agencies (1)                                         98,075      (166,910)       (68,835)
Total - all agencies (Memo Only)                       $2,200,911     $2,944,971     $5,145,882

(1) Non-billable and other agencies for which ESA has not individually calculated an actuarial liability.


                                        SECTION IIC
                             AGREED-UPON PROCEDURES & RESULTS

SUMMARY

Our objective was to perform specified agreed-upon procedures to the Schedules of Actuarial Liability by
Agency, Net Intra-Governmental Accounts Receivable by Agency and Benefit Expense by Agency as of
and for the year ended September 30, 2001, as summarized below:

•      Applied certain agreed-upon procedures as detailed in this section of the report to the estimated accrued actuarial
       liability of future FECA benefit payments as of September 30, 2001. A certified actuary was engaged to review the
       calculation of the actuarial liability.

•      Applied certain agreed-upon procedures as specified in this section of the report to the net intra-governmental
       accounts receivable billings and balances for the period ending September 30, 2001.

•      Applied certain agreed-upon procedures as outlined in this section of the report to the compensation and medical
       payments for the period October 1, 2000 to April 30, 2001 (sampling period), and for the period October 1, 2000
       to September 30, 2001, and to DOL's cut-off process.
       Calculated the change in the actuarial liability from the prior
       year to the current year.

These procedures were performed in accordance with the attestation standards established by the American
Institute of Certified Public Accountants and with Government Auditing Standards, issued by the
Comptroller General of the United States.

Each section of this agreed-upon procedures report has a general overview of the section followed by a
detailed listing of the agreed-upon procedures performed and the results of the procedures for each section
of this engagement.

In summary, we applied the following agreed-upon procedures:

Actuarial Liability - Consistent with prior years, the actuarial liability was evaluated by an independent
actuary. Agreed-upon procedures were performed on the methodology, assumptions and information used
in the model. The 2001 benefit payments predicted by the model for 2000 were compared to actual
payments made in 2001, and ratios were calculated that compared the change in the liability by agency to
the change in the aggregate liability and the agency groupings. We also calculated the liability to benefits
paid ratio by agency.

Net Intra-Governmental Accounts Receivable - Confirmation letters regarding the accounts receivable as
of September 30, 2001, were mailed and confirmed with the CFO Act and other selected agencies.
Agreed-upon procedures were performed on FY 2001 accounts receivable as compared with FY 2000
accounts receivable with regard to new receivables, collections, write-offs, and chargebacks, and
explanations were requested for changes of over 5 percent.

Benefit Expense - Agreed-upon procedures were applied to the benefit payments made during the current
fiscal year by district office, by strata, and by agency as compared to benefit payments of the prior fiscal
year and to DOL's cut-off process.
Calculated the change in the actuarial liability from the prior year to the current year.

SECTION IIC
AGREED-UPON PROCEDURES & RESULTS

ACTUARIAL LIABILITY

General Overview

The actuarial model and the resulting actuarial liability were evaluated by an independent actuary.
The independent actuary issued a report which stated the aggregate actuarial liability was
reasonably stated in accordance with Actuarial Standards. We performed agreed-upon procedures on
the calculation of the actuarial liability by employing agency. Our procedures included
considerations of how the change in each agency's liability related to the change in the total
estimate, its own history, its group, and to the benefit payments made during the current year.

Procedures and Results

Agreed-Upon Procedures Performed:
Engaged a certified actuary to review the calculations of the actuarial liability as to:
  - Whether or not the assumptions used by the model were appropriate for the purpose and method
    to which they were applied.
  - Whether or not the assumptions were reasonable representations for the underlying phenomena
    which they model.
  - Whether or not such assumptions were being applied correctly and if other calculations within
    the model were being performed in a manner as to generate appropriate results.
  - Whether or not changes in the assumptions over the years affected trends.
  - Whether or not tests of calculations provided a reasonable basis regarding the integrity of
    the model as a whole.
  - Whether or not the overall results were reasonable.

Results of Procedures:
The actuary's evaluation of the methodology used in the model did not disclose any specific
concerns regarding the methodology and assumptions.

The actuary concluded that the model calculated a liability that was generally reasonable under
the method and assumptions used. The actuary tested the calculations included in the model and
found that they were performed consistent with the model's stated assumptions.

Agreed-Upon Procedures Performed:
Confirmed with the American Academy of Actuaries and the Casualty Actuarial Society as to whether
the actuary was accredited and in good standing with the associations. Obtained a statement of
independence from the actuarial firm. Obtained two references from clients of the actuarial firm
as to the actuary's work.

Results of Procedures:
The actuarial specialist was accredited and in good standing with the American Academy of
Actuaries and the Casualty Actuarial Society. The actuarial consulting firm certified that they
were independent from DOL-FECA. The actuarial consulting firm provided references stating
experience in the type of work required for this engagement. The references provided confirmed
the work of the actuarial firm.

Agreed-Upon Procedures Performed:
Compared the economic assumptions used by the model for 2000 to the assumptions used during the
current year.

Results of Procedures:
The model utilizes estimates of prospective inflation and interest rates to project and then
discount future benefit payments. As published by OMB, prospective interest rates of 10-year
Treasury bills decreased from 6.3% for the prior year to 5.21% for the current year. The liability
was approximately 11% higher due to the decrease in the interest rate from the prior year.

The short-term increases in both inflation factors predicted were offset by minor decreases in the
long-term predictions. For instance, the Bureau of Labor Statistics' (BLS) estimates of COLA for
the current period increased from 1.97% last year to 3.33% this year. However, starting in 2004,
BLS predicts a recurring inflation factor of 2.5%, which is a .1% lower recurring factor than had
been predicted last year for the long-term.
This pattern repeats itself with the current medical inflation rate increasing from 3.69% to 4.44%
for 2002, offset by a recurring factor of 4.09% starting in 2004, .07% lower than the long-term
factors predicted last year (4.16%). The change in inflation factors resulted in an estimate
approximately .21% lower than would have been estimated using the 2000 estimated inflation rates,
which indicates that the effect of the change in inflation rates is minimal.

Agreed-Upon Procedures Performed:
Compared the interest and inflation rates used by the model to the source documents from which
they were derived.

Results of Procedures:
We determined that the interest rates used in the model were the same interest rates stated in
OMB's publication.

We determined that the inflation rates used in the model were derived from the BLS indices cited
with a minor exception, as described below. The rates from the BLS indices were adjusted to
accommodate the difference between the year end of the actuarial model and the year end of the
cited rates. We recalculated the blended rates without exception.

In updating the settings page, data entry inadvertently carried forward the wrong historic
inflation rate for year 2000, which resulted in a .15% overstatement in the actuarial liability.
The range of impact by agency varied from .07% to .23%.

Agreed-Upon Procedures Performed:
Compared the actuarial liability by agency as reported in a Memorandum to the CFOs of Executive
Departments of the unaudited estimated actuarial liability for future workers' compensation
benefits to the liability calculated by the model and reported on the Projected Liability Reports.

Results of Procedures:
The liability reported on the Memorandum issued to the CFOs of Executive Departments of the
unaudited estimated actuarial liability for future workers' compensation benefits agreed with the
liability calculated by the model and reported on the Projected Liability Reports.

Agreed-Upon Procedures Performed:
Compared by agency and in aggregate, the 1998-2001 benefit payments downloaded to the model with
the amount of benefit payments reflected in the Summary Chargeback Billing Report, to determine
whether the benefit payment data used by the model was the same data upon which agreed-upon
procedures for benefit payments were performed.

Results of Procedures:
The amounts in aggregate agreed without exception. By agency, approximately $168,000 of 1998 DOT
benefit payments had been downloaded as "Other Agencies". This amount represented approximately
.17% of DOT's 1998 payments. No other exceptions were noted.

Agreed-Upon Procedures Performed:
Determined the basis of the agency groupings and performed tests to establish the consistency of
the grouping. Determined the impact of such inclusion in a grouping.

Results of Procedures:
The grouping was determined premised on a claim duration probability study performed by a DOL
economist. Both the designers of the model and the independent actuary agreed that the study
provided a basis for such groupings. The groupings in the model agreed to the groupings in the
study. The study included data through 1991, and therefore, agencies newer to FECA had not been
studied. These agencies were placed in Group III, whose average probability approximated the
average of the aggregate population. These agencies are AID, FEMA, NSF, NRC, OPM, SBA, and SSA.

Group experience is used to develop the backfilling factors and is factored into the loss
development feature used to project the pattern of future payments.
Experience of the group would calculate most significantly in smaller agencies.

The independent actuary has recommended a reduction in the weighting factor associated with agency
experience due both to the age and completeness of the study upon which it was based and certain
aspects of group behavior.

The groupings for 2001 were consistent with 2000.

Agreed-Upon Procedures Performed:
Calculated the change in the actuarial estimate by agency and in aggregate. Identified those
agencies that changed more than 5% of the aggregate change.

Results of Procedures:
The aggregate liability increased 14.95% over the prior year. By group, the increases ranged from
12.59% to 17.48%. Eight agencies were identified that increased by less than 8% or more than 18%.
These agencies included NSF (2.21%), SBA (4.91%), OPM (7.98%), AID (3.64), Education (20.74%),
Commerce (43.73%), NRC (31.82%), and Justice (21.11%).

An analysis of these agencies' benefit payments as a factor in estimating their future liability
produced results within 10% of the model's estimate for Education, Commerce, OPM, NRC, and
Justice, indicating that the disproportionate increase in these agencies' liabilities to the
overall increase was due in part to the change in the agencies' benefit payments.

The indication that the remaining three agencies (NSF, AID and SBA) might be understated based on
their disproportionately low increase was contradicted by other procedures performed. For example,
the liability to benefits paid ratio (LBP) for NSF and SBA were 16.3 and 13.3, both above the
average ratio for the model which was 11.6.
AID was lower than average with an LBP at 10.3, but not outside the representative range of
values. The comparison of the actual benefit payments to model-projected payments indicated that
the model projected within 5% for both AID and SBA. NSF's actual benefit payments were lower than
projected.

Agreed-Upon Procedures Performed:
Compared the benefit payments predicted by the model for year 2001 to the actual benefit payments.
Identified the agencies where the model computed benefit payments that varied by more than 20%
from actual benefit payments made during the 2001 year.

Results of Procedures:
Despite a 5.16% increase in actual benefit payments, last year's model projected benefit payments
10% higher than actually occurred during 2001. The increase in payments during FY2001 consisted of
a 9.88% increase in medical benefit payments and a 3.4% increase in compensation benefit payments.
In constant dollars, the payments increased 1.89%, mostly as a result of increases in medical
payments. The aggregate trend of the last four years in constant dollars is 1.21% annually,
consisting principally of increases in medical payments.

Approximately 73% of the agencies had projected benefit payments that varied by less than 15%,
with these agencies having a range from .33% to 38.26%. The following three agencies' actual
payments varied from the projected benefit payments by more than 20%: State (+38.26%),
NSF (-26.4%), and Justice (-20.63%).

State's benefit payment increase over the last four years in constant dollars was approximately
7.6%. The model projected payments of $5 million for 2001, actual payments were $7 million for
2001 and the average annual constant dollar payments over the last four years were $6 million.

NSF's benefit payments increased during the previous two years but decreased under 1997 payment
levels during 2001 with a 31.18% decrease in constant dollars. Without the decrease, the
difference between the projected benefit payments and the actual benefit payments would have been
less than 20%. The model projected payments of $150,360 for the 2001 year, slightly less than the
2000 payments. Actual payments were $110,670 for the year ended June 30, 2001. Average annual
constant dollar payments over the last four years were approximately $133,000.

Justice's benefit payment pattern increase over the last four years in constant dollars was 6.5%.
The model projected payments of $115 million for 2001. Actual payments were $91 million for the
year ended June 30, 2001, which is commensurate with increases in prior years. Average annual
constant dollar payments over the last four years were $80 million.
The LBP ratio for Justice, while higher than the average, is not outside the range of LBP ratios.

Agreed-Upon Procedures Performed:
Calculated the ratio of the agency liability to the benefit payments (LBP) by agency and compared
this to the overall ratio and group ratio. Identified and sought explanation for those agencies
for which the ratio varied by more than 10% from their group ratio, and lay outside the range of
group averages.

Results of Procedures:
The liability to benefits paid ratio of the aggregate liability was approximately 11.6%. By group,
the range of the ratio was from 10.3% (Postal Service) to 13.5% (Group III). The following
agencies varied by more than 10% from their group's ratio and fell outside the range of group
ratios: HHS (13.7%-Group I), NSF (16.3%-Group III), State (8.0%-Group IV), and
NASA (9.6%-Group IV).

Actual benefit payments for HHS were less than the projected payments by 17.39% in a year when
benefit payments were consistent with trends. However, a predictive test of the future liability
that considered the change in the agency's benefit payments as a factor in estimating the future
liability of HHS was within 2% of the model's calculation, indicating consistency with prior year
estimate and the aggregate model behavior pertaining to the change in economic assumptions.

NSF's downward trend in 2001 benefit payments was not representative of NSF's payment history.
NSF's ratio falls within an acceptable range if the average constant dollar payments over the last
four years is substituted as the denominator. A predictive test of the future liability that
considered the change in the agency's benefit payments as a factor in estimating the future
liability resulted in a liability 19.15% lower than the model's calculation.

Actual benefit payments were higher than predicted by 38.26% and 13.59% for State and NASA,
respectively. Also, a predictive test of the future liability based on the change in the agency's
benefit payments resulted in liabilities higher by 10.57% and 12.58% than the model calculated
liabilities.

Agreed-Upon Procedures Performed:
Compared the actuarial liability for the Postal Service calculated by the model to the actuarial
liability calculated by the Postal Service's independent model.

Results of Procedures:
The actuarial liability computed for the Postal Service was 23.81% higher than the Postal
Service's independent computation. Last year, FECA's model was 9.86% higher than the Postal
Service's model. The increase in the difference is primarily due to the decrease in the interest
rate used by FECA. Using last year's economic assumptions, the FECA model would have calculated a
Postal Service liability 11.18% higher than the Postal Service's independent computation. The
Postal Service has not varied their economic assumptions from last year. Using the net effective
interest rate used by the Postal Service in FECA's model results in FECA's liability being 7.31%
higher than the Postal Service calculation.

The Postal Service is not grouped in the model with any other agency.
Both models are premised upon historic extrapolation models, but vary in methodology.

Agreed-Upon Procedures Performed:
Performed a limited survey of interest and inflation rates utilized by the Postal Service, OPM,
and two other sources with governmental actuarial liabilities experience. Determined how the
surveyed net effective rates compared to the interest rates used in the model.

Results of Procedures:
Surveyed rates for compensation ranged from 3.375% to 1.84% and for medical ranged from 1.66% to
1.05%. The model's rates compute to net effective rates of approximately 2.61% for compensation
and 1.07% for medical. The medical portion of the liability comprises approximately 19% of the
total, up from 17.5% last year.

NET INTRA-GOVERNMENTAL ACCOUNTS RECEIVABLE

General Overview

Agreed-upon procedures were applied to the net intra-governmental accounts receivable as of
September 30, 2001, as compared with net intra-governmental accounts receivable as of September
30, 2000, with regards to new receivables, collections, write-offs, and chargebacks.

We compared the fiscal year 2001 net intra-governmental accounts receivable to the fiscal year
2000 net intra-governmental accounts receivable and investigated changes of over 5 percent. We
also compared new receivables, collections and write-offs for fiscal year 2001 to fiscal year
2000; calculated the accounts receivable outstanding for each fiscal year; calculated the
chargeback and fair share total for 2001; and confirmed the chargeback amounts billed for
claimants' payments directly with the Federal agencies charged.

Procedures and Results

Agreed-Upon Procedures Performed:
Compared prior year ending net intra-governmental accounts receivable balances to the current year
net intra-governmental accounts receivable balance by Federal agency. Determined whether the
increase or decrease was in proportion to the change in amounts billed.

Results of Procedures:
The change in the net intra-governmental accounts receivable balances was in proportion to the
increases in benefit payments billed to each Federal agency.

Agreed-Upon Procedures Performed:
Compared the fiscal year 2001 account activity by Federal agency for write-offs and new accounts
receivable to prior fiscal year activity. Determined whether the increase or decrease was in
proportion to the change in amounts billed and collected.

Results of Procedures:
The change in the write-offs and new accounts was in proportion with the amounts billed and
collected.

Agreed-Upon Procedures Performed:
Confirmed accounts receivable balances due as of September 30, 2001, for all Federal agencies.

Results of Procedures:
Returned confirmations were reviewed for agreement to amounts recorded. Explanations for the
differences were obtained. DOL's CFO office has an interagency workgroup which works to resolve
any differences with other agencies.

Agreed-Upon Procedures Performed:
Compared the chargeback billing report for the period, July 1, 2000 through June 30, 2001, to the
amounts billed to the Federal agencies.

Results of Procedures:
The amounts billed to the Federal agencies for the period July 1, 2000 through June 30, 2001,
agreed to the chargeback billing report.

Agreed-Upon Procedures Performed:
Recalculated the allocation of credits due from the public.

Results of Procedures:
No exceptions were noted.

Agreed-Upon Procedures Performed:
Determined, for a non-statistical sample of 100 items, whether claimant accounts receivable
overpayments were properly established and classified.

Results of Procedures:
No exceptions were noted.

Agreed-Upon Procedures Performed:
Determined, for a non-statistical sample of 26 items, whether, for cases in the preliminary
status, the Letter CA-2201 or Letter CA-2202, as applicable, was properly issued to notify the
claimants of the preliminary decision regarding the claimant's accounts receivable and to give the
claimant an opportunity to provide additional evidence regarding the accounts receivable.
Determined whether, for cases in the final status, a final decision was made as to the debt and
whether the final decision was properly recorded and reported to the claimant.

Results of Procedures:
No exceptions were noted.

Agreed-Upon Procedures Performed:
Determined, for a non-statistical sample of 100 items, whether the proper procedures were followed
with regards to the establishment of a repayment plan, the assessment of interest, the compromise
or waiving of portions of interest or principal as appropriate and the pursuit of accounts
receivable which were in arrears.

Results of Procedures:
In 1 of 100 accounts receivable items sampled, an adjustment was not properly posted to DMS
resulting in an overstatement of $4,197.

In 1 of 100 accounts receivable items sampled, a portion of the interest was improperly accrued
resulting in a net overstatement of approximately $828. In 2 of 100 accounts receivable, the
interest being accrued was larger than the payments being made.

BENEFIT EXPENSE

General Overview

Agreed-upon procedures were applied to compensation and medical benefit payments in total, by
strata, by average payment and by agency for the fiscal year ended September 30, 2001, to the
fiscal year ended September 30, 2000, and for the interim period of October 1, 2000 to May 31,
2001, to the interim period of October 1, 1999 to May 31, 2000. Changes in the actuarial liability
from the prior year to the current year were calculated.
Agreed-upon procedures were applied to DOL\'s cut-off process.\n\nProcedures and Results\n\n Agreed-Upon Procedures Performed                      Results of Procedures\n\n Compared the benefit payments recorded in the         The benefit payments recorded in the ACPS and BPS databases\n Automated Compensation Payment System (ACPS)          varied from the Department of Treasury\xe2\x80\x99s SF-224 at May\n and Benefit Payment System (BPS) databases to the     31, 2001, by .02%. As of September 30, 2001, the ACPS and\n Department of Labor\'s general ledger and the          BPS databases varied from the Department of Treasury\xe2\x80\x99s SF-\n Department of Treasury\xe2\x80\x99s SF-224s as of May 31,        224 at September 30, 2001, by .02%\n 2001 and September 30, 2001.                          ($.450 million) and from the Department of Labor\xe2\x80\x99s general\n                                                       ledger by .59% ($12.8 million).\n\n Obtained the Department of Labor\'s year-end cut-off   The year-end adjustment made to the general ledger to prorate\n procedures. Obtained the year-end adjustments         the expenditures which overlapped fiscal years agreed to the\n made to the general ledger to prorate expenditures    supporting documentation. The adjustments were recorded in\n which overlapped fiscal years. Determined if these    the correct period.\n adjustments were recorded in the correct period.\n\n Determined the average ACPS and BPS payments                         Strata with more than 7% variances:\n by strata for the May 31, 2001, and September 30,                        ACPS              Increase/(Decrease)\n 2001, database and compared them to the average       5/31/01            Credits                   -18.3%\n ACPS and BPS payments by strata for the May 31,                          Payments >$150,000         10.09%\n 2000, and September 30, 2000, databases.              
9/30/01            Credits                   -12.1%\n Determined if there were any variances larger than                       Payments <$3,000          -14.73%\n 7%. Requested explanations from DOL for variance                         Payments >$150,000         11.48%\n per strata over 7%, if any.                                              BPS               Increase/(Decrease)\n                                                       5/31/01            Credits                   10.32%\n                                                                          Payments >$150,000        17.22%\n                                                       9/30/01            Payments >$150,000        16.45%\n\n                                                       The decrease in ACPS credits was due to the reduction of accounts\n                                                       receivable collections, the decrease in payments under $3,000 is due to\n                                                       the overall increase in compensation payments due to application of the\n                                                       CPI and the increase of payments over $150,000 was due to the volume\n                                                       of cases adjudicated by the Hearings and Review Board. 
The increase in BPS credits was due to the more timely monthly posting of credits in the current year
and the increase in BPS payments over $150,000 was due to the overall increase in the cost of medical
benefit payments.

SECTION IIC
AGREED-UPON PROCEDURES & RESULTS

Agreed-Upon Procedures Performed and Results of Procedures

Procedure performed: Compared the total benefit payments for each of the last 5 fiscal years.
    Determined if there were any variances larger than 5% for each of the 5 fiscal years. Requested
    explanations from DOL for variances over 5%, if any.
Results: Benefit payments increased 6% in 2001. Medical benefit payments increased substantially over
    prior years resulting in higher overall benefit payments.

Procedure performed: Compared the summary chargeback billing list to the benefit payment databases as
    of September 30, 2001.
Results: The agency chargeback billing list varied from the benefit payment databases for the fiscal
    year ending September 30, 2001, by .06%.

Procedure performed: Compared, by agency and in total, compensation and medical bill payments for the
    fiscal year ending September 30, 2001, with payments made for the fiscal year ending
    September 30, 2000. Requested explanations from DOL for variances in excess of 7% of the overall
    increase, if any.
Results: Benefit payments for the fiscal year ending September 30, 2001, increased 6% overall from the
    prior year. Benefit payments changed by more than 7% of the overall increase, for the following
    agencies:
        Department of Commerce      35%
        NASA                        16%
    The increase at Department of Commerce was due to the increase in claimants as a result of the
    decennial census and the increase at NASA was due largely to a large sum payment made as the
    result of a Hearings and Review Board decision on a death case dating back to 1984.

Procedure performed: Compared the benefit payments made by each district office as of May 31, 2001,
    and September 30, 2001, to the prior year data. Determined if there were any variances larger
    than 5%. Requested explanations from DOL for variances over 5%, if any.
Results: Benefit payments by district office for the period through May 31, 2001 and
    September 30, 2001, varied from the prior year by 6.41% to 5.92% for the 12 district offices.
    Benefit payments increased by more than 5% of the average change for the Chicago (18%, 17%) and
    National Office (80%, 70%) at May 31, 2001 and September 30, 2001, respectively.
    The increase in cases at the Chicago office was due to the movement of cases from other district
    offices. The increase in cases at the National Office was the result of a change in the coding of
    ECAB cases from the district office to Hearings and Review in the National Office.

Procedure performed: Calculated a 12-month projected benefit payment based on the May 31, 2001
    database (8 month). Compared the projected 12-month total benefit payments to the actual 12-month
    total benefit payments as of September 30, 2001.
Results: The actual 12-month total benefit payments varied from the projected 12-month total benefit
    payments for the fiscal year ending September 30, 2001, by -1.99%.

Procedure performed: Calculated the change in the actuarial liability reported on the current year
    and prior year's compilation report prepared by DOL.
Results: No exceptions were noted.


Carmichael, Brasher, Tuvell & Company
Certified Public Accountants
678-443-9200
Facsimile 678-443-9700
www.cbtcpa.com

SECTION IIIA
INDEPENDENT SERVICE AUDITORS' REPORT

D. Cameron Findlay, Deputy Secretary of Labor
Employment Standards Administration, U.S.
Department of Labor,
General Accounting Office, Office of Management and Budget, and Other Specified Agencies:

We have examined the accompanying description of the policies and procedures of the Division of Federal
Employees' Compensation applicable to general computer controls and the processing of transactions for
users of the Federal Employees' Compensation Act Special Benefit Fund. Our examination included
procedures to obtain reasonable assurance about whether (1) the accompanying description presents fairly,
in all material respects, the aspects of DFEC policies and procedures that may be relevant to the internal
controls of users of the FECA Special Benefit Fund; (2) the control structure policies and procedures
included in the description were suitably designed to achieve the control objectives specified in the
description, if those policies and procedures were complied with satisfactorily, and users of the FECA
Special Benefit Fund applied the internal control policies and procedures contemplated in the design of
DFEC's policies and procedures, as described in Section IIIB; and (3) such policies and procedures had
been placed in operation as of April 30, 2001.

DFEC uses SunGard Computer Services, Inc. (SunGard), to process information and to perform various
functions related to the data processing services of the FECA Special Benefit Fund. The accompanying
description includes only those policies and procedures and related control objectives at DFEC, and does
not include policies and procedures and related control objectives at SunGard, a subservicer. The control
objectives were specified by the management of DFEC and did not extend to the controls at SunGard. Our
examination did not extend to the controls of SunGard, the subservicer. Our examination was performed
in accordance with standards established by the American Institute of Certified Public Accountants,
Government Auditing Standards, issued by the Comptroller General of the United States, and included
those procedures we considered necessary in the circumstances to obtain a reasonable basis for rendering
our opinion.

In our opinion, the accompanying description of the policies and procedures of DFEC presents fairly, in
all material respects, the relevant aspects of DFEC's policies and procedures that had been placed in
operation as of April 30, 2001. Also, in our opinion, the policies and procedures, as described, are suitably
designed to provide reasonable assurance that the specified control objectives would be achieved if the
described policies and procedures were complied with satisfactorily and users of the FECA Special Benefit
Fund applied the internal control policies contemplated in the design of the DFEC's policies and
procedures.

In addition to the procedures we considered necessary to render our opinion, as expressed in the previous
paragraph, we applied tests to specified policies and procedures to obtain evidence about their effectiveness
in meeting the related control objectives during the period from October 1, 2000 through April 30, 2001.
The specific policies and procedures and the nature, timing, extent, and results of the tests are summarized
in Section IIIC. This information has been provided to the users of the FECA Special Benefit Fund and
to their auditors to be taken in consideration, along with information about the internal controls at user
organizations. In our opinion, the policies and procedures that were tested, as described in Section IIIB
were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the
specified control objectives were achieved during the period from October 1, 2000 through April 30, 2001.
However, the scope of our engagement did not include tests to determine whether control objectives not
listed in Section IIIC were achieved; accordingly, we express no opinion on the achievement of control
objectives not included in Section IIIC.

The relative effectiveness and significance of specific policies and procedures at DFEC and their effect on
assessment of control risk at user organizations are dependent on their interaction with the policies and
procedures, and other factors present at individual user organizations. We have performed no procedures
to evaluate the effectiveness of policies and procedures at individual user organizations.

The description of policies and procedures at DFEC is as of April 30, 2001, and information about tests
of the Described Policies and Procedures of specified policies and procedures covers the period
October 1, 2000 through April 30, 2001. Any projection of such information to the future is subject to the
risk that, because of change, the description may no longer portray the system in existence. The potential
effectiveness of specified policies and procedures at DFEC is subject to inherent limitations and,
accordingly, errors or irregularities may occur and not be detected. Furthermore, the projection of any
conclusions based on our findings to future periods is subject to the risk that changes may alter the validity
of such conclusions.

This report is intended solely for the information and use of the U.S. Department of Labor, General
Accounting Office, Office of Management and Budget, users of the FECA Special Benefit Fund (Federal
agencies listed in Section IIB of this report), and the independent auditors of its users.

November 26, 2001

1647 Mount Vernon Road, Dunwoody Exchange, Atlanta, Georgia 30338


SECTION IIIB
DIVISION OF FEDERAL EMPLOYEES' COMPENSATION'S
POLICIES AND PROCEDURES

OVERVIEW OF SERVICES PROVIDED

Overview

The Federal Employees' Compensation Act Special Benefit Fund was established by FECA to provide
income and medical cost protection worldwide for job-related injuries, diseases, or deaths of civilian
employees of the Federal Government and certain other designated groups. The DOL-ESA is charged with
the responsibility of operation and accounting control of the Special Benefit Fund under the provisions of
FECA. Within ESA, the Office of Workers' Compensation Program, DFEC administers the FECA
program.

In 1908, Congress passed legislation providing workers' compensation to Federal workers whose jobs were
considered hazardous. Due to the limited scope of this legislation, FECA was passed in 1916, extending
workers' compensation benefits to most civilian Federal workers. FECA provided benefits for personal
injuries or death occurring in the performance of duty.

FECA provides wage replacement (compensation) benefits and payment for medical services to covered
Federal civilian employees injured on the job, employees who have incurred a work-related occupational
disease, and the beneficiaries of employees whose death is attributable to a job-related injury or
occupational disease.
Not all benefits are paid by the program since the first 45 days from the date of the
traumatic injury are usually covered by putting injured workers in a continuation of pay (COP) status.
FECA also provides rehabilitation for injured employees to facilitate their return to work.

Actuarial Liability

Within ESA, the Division of Financial Management has been designated as the responsible agency to
generate the annual FECA actuarial calculations. The Division of Planning, Policy and Standards (DPPS)
has the direct responsibility for preparing the actuarial liability and the initial review of the detailed
calculations. The DPPS also has the responsibility of investigating and revising the initial model's
calculations as deemed appropriate. The FECA actuarial liability is prepared on an annual basis as of
September 30 of each fiscal year.

The actuarial model was originally developed during 1991 as spreadsheets by a DOL Office of Inspector
General (OIG) contractor (a certified actuary). The model utilized the basic theory that future benefit
payment patterns will reflect historic payment patterns. Under this approach, a projection can be made into
future years based on historical payments. This selected approach is commonly referred to as the "paid loss
extrapolation method." This method was chosen for its simplicity, availability of payment data, cost savings
and reliability.

Since 1991, the number of agencies for whom the liability is calculated increased. These additional
agencies are smaller in size than that of the agencies for whom the original model was developed. Historic
extrapolation models are generally held to work best with larger populations. As a result, the calculations
from year to year were more volatile than those for the original agencies, and preparing the estimates
became increasingly cumbersome. Therefore, during FY 2000, DOL engaged actuaries to create a new
model.

The new model shares its fundamental theory with the old model; future benefit payments are predicted
based upon the pattern of historical payments. As before, in order to run the model, the DPPS imports the
current year's actual FECA payments by each chargeback agency (FECA Chargeback System tapes). This
payment data per agency is subdivided into incurred injury year cells to provide the extra dimension of the
historic payment pattern. The chargeback tapes (historic basis) are maintained by the FECA Program,
which supplies the historic data to DPPS annually. Both models included historical payments in constant
dollars, inflation and discount factors as derived from OMB economic forecasting packages in their
calculations of future payments. Therefore, both models share a sensitivity to economic assumptions.

However, the new model varies from the previous model. For instance, claims incurred but not reported
(IBNR) was excluded from the previous model in accordance with Appendix B - Liability Recognition and
Measurement Matrix of SFFAS 5. The new model recognizes IBNR, which enhances its comparability to
private sector insurance models. FASAB has concurred with its inclusion. Also, the previous model
predicted future payments by multiplying the most recent year's payments by decay rates derived from
historical payments. In contrast, the new model develops an estimate of total anticipated payments by
injury year, subtracts cumulative payments to date, and allocates the remaining payments to future years
premised upon loss development factors.

In order to establish cumulative payments to date, the new model utilizes a backfilling technique, a casualty
model methodology. Because FECA makes payments on injuries incurred as far back as 1952, and the old
model's data base of payments begins in 1989, backfilling was necessary to complete the matrices of cost
by injury to payment year. The technique consists of extrapolating patterns from actual payments for the
years included in the data base, and developing reverse decay rates to predict what the costs should have
been in the years prior to the base of known payments.

In developing the backfilling factors, the model makes use of groupings of agencies. The groupings were
established based upon a claim duration study performed by a DOL economist. Most agencies were placed
in groups with a similar probability of a claim extending over a certain period of time. The agencies added
since 1991, were included in the group whose probabilities approximated the average of all the agencies.
The group is both affected by and affects the agencies within it. For instance, smaller agencies are more
affected than larger agencies. Besides the development of the backfilling factors, the grouping affects the
predicted loss development factors. The loss development factors are a weighted combination of agency,
group, and all-agency factors. The new model includes extending the duration of the model until the
estimated payments left to be paid expire.

Chargeback System

DFEC is required to furnish to each agency and instrumentality, before August 15th of each year, a
statement or bill showing the total cost of benefits and other payments made during the period July 1
through June 30. DFEC established the chargeback system to furnish these statements.

The chargeback system creates bills which are sent to each employing agency for benefits that have been
paid on the agency's behalf. The bills are for a fiscal year inclusive of benefits paid from July 1 through
June 30. Each agency is required to include in its annual budget estimates for the fiscal year beginning in
the next calendar year, a request for an appropriation for the amount of these benefits. These agencies are
then required to deposit in the Treasury, the amount appropriated for these benefits to the credit of the
Fund within 30 days after the appropriation is available.

If an agency is not dependent on an annual appropriation, then the funds are required to be remitted during
the first 15 days of October following the issuance of the bill.

The bills sent to agencies for the chargeback system contain identifying codes that indicate both the year
being billed and the year in which the bill is to be paid. Each bill sent out in fiscal year 2001 and due in
fiscal year 2002 would be coded as follows: 01-XXX-02. The 01 indicates the year the bill is generated,
the XXX indicates the numerical sequence of the bill, and the 02 would indicate the year that the bill would
be due and paid.

Operational Offices

DFEC administers FECA through 12 district offices and a national headquarters located in Washington,
D.C.
The District offices and the areas covered by each District office are:

District   Location of District Office   States or Regions Covered by District Office
   1       Boston                        Connecticut, Maine, Massachusetts, New Hampshire, Rhode Island, Vermont
   2       New York                      New Jersey, New York, Puerto Rico, Virgin Islands
   3       Philadelphia                  Delaware, Pennsylvania, West Virginia
   6       Jacksonville                  Alabama, Florida, Georgia, Kentucky, Mississippi, North Carolina, South Carolina, Tennessee
   9       Cleveland                     Indiana, Michigan, Ohio
  10       Chicago                       Illinois, Minnesota, Wisconsin
  11       Kansas City                   Iowa, Kansas, Missouri, Nebraska, all DOL employees
  12       Denver                        Colorado, Montana, North Dakota, South Dakota, Utah, Wyoming
  13       San Francisco                 Arizona, California, Guam, Hawaii, Nevada
  14       Seattle                       Alaska, Idaho, Oregon, Washington
  16       Dallas                        Arkansas, Louisiana, New Mexico, Oklahoma, Texas
  25       Washington, D.C.              District of Columbia, Maryland, Virginia, and overseas/special claims
  50       National Office               Branch of Hearings and Review

Subservicer

DFEC utilizes a subservicer, SunGard, to provide computer hardware and a communications network
between the national office, the District offices and the U.S. Treasury, to maintain a tape library and disk
drive backup and for other computer mainframe functions. SunGard's control policies and procedures and
related control objectives were omitted from the description of Control Objectives and Tests of Policies
and Procedures contained in this report. Control Objectives and Tests of Policies and Procedures included
in this report include only the objectives that DFEC's control policies and procedures are intended to
achieve.

OVERVIEW OF CONTROL ENVIRONMENT

An organization's control environment reflects the overall attitude, awareness and actions of management
and others concerning the importance of controls and the emphasis given to control in the organization's
policies and procedures, methods, and organizational structure. The following is a description of the key
policies and procedures that are generally considered to be part of the control environment.

Organization and Management

OWCP is one of four agencies within ESA. DFEC is one of five divisions within OWCP.

DFEC has four branches:

1.       Branch of Regulations and Procedures - This branch assists in developing claims and benefit
         payment policies, regulations and procedures; prepares and maintains the program's manuals;
         plans and conducts studies of claims and benefit payment functions; and participates in training
         activities and accountability reviews of District offices.

2.       Branch of Automatic Data Processing (ADP) Coordination and Control - This branch provides
         ADP support services for the FECA program. It coordinates the overall ADP work of DFEC
         and provides policy direction for ADP systems activities.

3.       Branch of Technical Assistance - This branch develops materials for use by District offices and
         other Federal agencies to educate Federal employees in reporting injuries and claiming
         compensation under the FECA. They also hold workshops for compensation personnel in
         various Federal agencies and for groups of employee representatives.

4.       Branch of Hearings and Review - This branch is responsible for conducting hearings and reviews
         of the written record in FECA cases. Hearing Representatives issue decisions which sustain,
         reverse, modify, or remand cases to the OWCP District offices.

Branch Operations

A Branch chief reports directly to the Deputy Director. The Director and Deputy Director coordinate the
operations of the 12 District offices.

District Offices

A District Director (DD) oversees the daily operations at each of the 12 District offices.
The DD in each
office oversees the claims section and a Fiscal Officer who oversees the Fiscal Section.

The District offices serve the persons residing within their district. When an individual moves from one
district to another, the individual's case file and responsibility for monitoring the case is transferred to the
district office where the individual has moved, unless the case is for a claimant specified as a special
employee. Cases specified as special employee cases are always processed at District office 50.

The specific functions within the District offices are:

1.         Claims Functions. In each district office are two or more Supervisory Claims Examiners, who
           are responsible for the operation of individual claims units, and a number of Senior Claims
           Examiners and Claims Examiners (CE), who have primary responsibility for handling claims,
           including authorization of compensation and eligibility for medical benefits. Individuals at each
           level of authority from DD to CE have been delegated specific responsibilities for issuing
           decisions on claims.

2.         Fiscal Functions. Each District office usually has a Fiscal Operations Specialist and at least one
           Benefit Payment Clerk. Some District offices have a Bill Pay Supervisor as well. The unit is
           generally responsible for resolution of problems with medical bills, complex calculations of
           benefits and overpayments, adjustments to compensation and bill pay histories, changes in health
           benefits and life insurance coverage, and financial management records. In some District offices,
           fiscal personnel enter compensation payments into the electronic system.

3.         Medical Functions. Each District office usually has at least one District Medical Adviser (DMA)
           who works under contract to review individual cases, and some District offices have a District
           Medical Director (DMD) as well. Each District office also has a Medical Management
           Assistant, who arranges referrals to second opinion and referee specialists. Each District office
           also has a Staff Nurse, who is responsible for coordinating a number of field nurses who monitor
           claimants' medical progress and assist their efforts to return to work.

4.         Mail and File Functions. Personnel in this area open, sort, and place mail; set up case files; retire
           case records according to established schedules; and transfer case files in and out of the District
           office.

5.         Vocational Rehabilitation Functions. Each District office has at least one Rehabilitation
           Specialist (RS) and usually a Rehabilitation Clerk. The RS manages a number of Rehabilitation
           Counselors, who work under contract with OWCP to help claimants obtain employment.

[Organization chart: FECA District Office. Boxes shown: Office of the District Director; Assistant
District Director; Branch of Operations Support; Claims Sections; Mail & File Section; Fiscal Section;
Medical Section; Bill Pay Section.]

OVERVIEW OF TRANSACTION PROCESSING

Identification and Registration of the Recipient of FECA Benefits

Authorized recipients of FECA benefits are those individuals who meet all of five eligibility criteria. Injured
workers submit claim information to the district office which serves the geographical location in which the
claimant resides. Claims are processed by the district office using the Case Management File System
(CMF).

The CMF uses a standard identification number of nine characters to identify each case file. This number
is called the case number. All recipients of FECA benefits must have a unique case number recorded in the
CMF; some individuals could have multiple case numbers if the individual has sustained more than one
injury.

The CMF maintains an automated file with identification on all individuals who have filed claims with
FECA.
These records contain data elements that identify the claimant, the mailing and/or location address
for the claimant, and additional injury information and case status information.

Benefit Payments

FECA claimants may be entitled to compensation for injury and lost wages, schedule awards, death benefits
and payment of medical expenses related to the work-related injury. The payments for lost wages, schedule
awards and death benefits are processed through the Automated Compensation Payment System (ACPS),
while the payments for injury-related medical expenses are processed through the Bill Payment System
(BPS). Each of these systems supports the Department of Labor's general ledger system via an automated
interface.

The primary function of ACPS is to process the payment of weekly, monthly, and supplemental benefits
to claimants. The ACPS interfaces with the CMF to ensure that approved claims are supported by a valid
case number. District office personnel input compensation payment data worksheets into the ACPS. The
inputs onto the payment data worksheets are accumulated in batches in the ACPS and transmitted by the
District office to the national office every night. The mainframe computer, maintained by SunGard, runs
automated calculations to compute the payment schedule and transmits the schedule back to the District
offices the next morning. The District offices review the payment schedules and if the information is
correct, no further action is required and payments will be made during the next appropriate payment cycle.

Approved payments are stored in a temporary file for the duration of the appropriate compensation
payment cycle: Daily Roll (5 days), Death Benefits (28 days), or Disability (28 days). At the end of the
cycle, the mainframe runs automated programs to format the data to Treasury specifications, to update the
compensation payment history files for use in the chargeback system, and to send summarized information
to the District office Fund Control System. The specially formatted Treasury information is sent to
Treasury via a secure modem over a dedicated line for payment processing.

The primary function of the BPS is to process payments to medical service providers or reimbursements
to claimants for medical expenses incurred for the work-related injury. The national office has the
responsibility of compiling the BPS data on a nightly basis as it is transmitted from each District office.
Medical bills containing charges for other than appliances, supplies, services or treatment provided and
billed for by nursing homes are subject to a medical fee schedule. The mainframe will run a zip code check
and a comparison check of the amount to be paid to fee schedules in each geographical area. If the amount
is in excess of the geographical fee schedule, the system will limit the payment to the maximum amount in
the fee range. A bill in which certain fields are the same is identified by the system as a potential duplicate
payment, excluded from payment and sent to a bill resolver at the District office to determine if a duplicate
payment exists.

Approved payments are stored in a temporary file for the duration of the bill payment cycle of 5 days.
At
the end of the cycle, the mainframe runs programs that format the data to Treasury specifications, update
the bill payment history files for use in the chargeback system, and send summarized information to the
District office Fund Control System. The specially formatted Treasury information is sent to Treasury via
secure modem over a dedicated line for payment processing. The following charts set forth an overview
of transaction processing at DFEC:

Processing of Compensation Payments

[Flowchart: processing of a CA-7 claim for compensation, from receipt and date-stamping in the mailroom,
through the Claims Examiner's approval or denial of the claim and payment setup and certification in
ACPS, to overnight transmission to the national mainframe and return of the payment schedule to the
District office.]
          schedule\n\n\n\n\n     Not Approved\n                                                 Approved\n     (Fatal Errors)\n\n\n\n                                               Approved                        Payments not                      Payment\n         Claims Examiner\n                                            payments are                       changed are                    information is\n        re-inputs case and\n                                          submitted to Senior                   considered\n           resubmits for                                                                                      transmitted to\n                                           Claims Examiner\n             processing                                                          accepted                        Treasury\n                                            for verification\n\n\n\n\n                                                                              38\n\x0c                                 SECTION IIIB\n               DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                           POLICIES AND PROCEDURES\n\nProcessing of Medical Payments\n\n\n\n\n                                    39\n\x0c                                   SECTION IIIB\n                 DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                             POLICIES AND PROCEDURES\n\nComputer-Generated Reports\n\nBPS generates a summary report, generated on a weekly basis, that is a history of bill payments for the\nweek. This report can be utilized for investigative purposes as well as for confirming whether a particular\nbill has been paid.\n\nThe ACPS generates a summary report on a daily basis which is a history of compensation payments. This\nreport can be utilized for investigative purposes as well as for confirming whether a particular claim has\nbeen paid. 
The mainframe transmits updated ACPS History Files to the District offices where they are
available for query purposes for 6 months. The mainframe retains the history files for query purposes for
2 years before they are archived.

Chargeback System

The ACPS and BPS system history files are combined on a quarterly and annual basis to create the FECA
Chargeback Report. The FECA Chargeback System (CBS) is a subsidiary of DOLAR$. CBS provides
methods for tracking accounts receivable - intra-governmental activity while maintaining all financial data
centrally in DOLAR$. The June 30 year-end FECA Chargeback Report is used to annually bill Federal
agencies for payments made on their behalf for the period July 1 to June 30. The Office of Management
and Planning (OMAP) provides quarterly benefit summaries to Federal agencies based on the FECA CBS.

The On-line Payment and Collection System (OPAC) is utilized to facilitate the electronic billing between
Federal agencies through Treasury. OPAC's main responsibility is to process the SF-1081s. SF-1081
(Voucher and Schedule of Withdrawals and Credits) is a form which authorizes the transfer of expenses
or income from one Federal agency's appropriation to another for services rendered. The receivables are
tracked in an internal subsidiary ledger maintained by OMAP.

Third Party Settlements

An injury or death for which compensation is payable to a FECA claimant that is caused under
circumstances creating a legal liability on a person or persons other than the United States (a third party)
to pay damages will result in the case being classified as a third party case. Status codes are used to track
the progress of third party cases in the Case Management File System.
OWCP usually requires the claimant
to pursue legal action; however, the United States can pursue action on its own by requiring the beneficiary
to assign rights of action to the United States.

A letter (CA-1045) is sent to a claimant by the claims examiner when initial injury reports indicate a
potential third party. The CA-1045 requests information about the injury, the third party and the actions
taken by the claimant with regard to pursuing a claim against the third party, including the hiring of an
attorney.

When the CE receives a reply to the CA-1045 (or does not receive a reply 30 days after the second request
is sent to the claimant) or obtains the name and address of the attorney representing the claimant, the case
is usually referred to a designated claims examiner (DCE).

A case may be closed as "minor" and not pursued if the claimant has an injury where the total medical bills,
compensation and time lost from work do not exceed or are expected not to exceed $1,000.
Additionally,
a case may only be closed as "minor" if the claimant has not responded to the CA-1045, or has responded
but is not personally asserting a third party claim and has not retained an attorney.

The DCE refers the case to the appropriate DOL Solicitor (SOL) in the following instances:

- The case is not minor and advice is received that the claimant is negotiating a settlement.

- Advice is received that the claimant has retained an attorney to handle the third party action,
  regardless of the amount of disbursements.

- The case is not minor and the claimant refuses to pursue the third party claim or does not reply
  to the CA-1045.

- The third party case involves a death claim, a permanent disability, Job Corps, Peace Corps,
  VISTA, an injury occurring outside the United States or Canada, a common carrier as the
  potential defendant, malpractice, product liability or an injury to more than one employee.

Once referred to SOL, the DCE performs certain actions to ensure that the case is properly tracked while
at SOL. For instance, after the initial referral, an updated disbursement statement is furnished to the SOL
within 5 working days of receipt of the request. It is essential that initiation of, termination of, or changes
in periodic roll payments be reported to the SOL immediately. Additionally, the DCE requests a status
report from the SOL at 6-month intervals.

When a settlement is reached in a third party case, the DCE prepares a Form CA-164, which is a summary
of all disbursements made to the claimant for compensation payments and to medical providers on the
claimant's behalf, and forwards it to the fiscal section. If an amount owed from the claimant is received by
OWCP, the amount is credited against the ACPS and BPS, as appropriate.
By recording the amount in
the ACPS and BPS, the proper employing agency is credited with the amounts recovered from third party
settlements.

If the full amount of the third party refund is not received from the claimant, an accounts receivable balance
is set up for the amount still due. If the amount recovered exceeds the amount already paid by OWCP to
the claimant for compensation and medical benefits, then the excess amount is recorded and tracked in the
case file to prohibit any additional benefits from being paid to the claimant until the amount of eligible
benefits to the claimant exceeds the excess amount.

OVERVIEW OF COMPUTER INFORMATION SYSTEMS

The computerized accounting system used by the Federal Employees' Compensation Special Benefit Fund
maintains all of the data for each of the claimants applying for FECA benefits. The Federal Employees'
Compensation System (FECS) is the electronic data processing system for FECA benefits. This computer
system is comprised of the following five subsystems:

- Automated Compensation Payment System
- Medical Bill Processing System
- Case Management File
- Debt Management System
- Chargeback System

The FECS provides authorized users with on-line access to the various subsystems for file maintenance and
information purposes.
Access to the FECS through computer terminals located in both the national and
12 District offices permits authorized users to perform a variety of functions, such as query, add, and
update claims data, track claims and overpayments, calculate retroactive benefit payments and enroll
approved claimants for benefits on the FECS.

In addition to storing information relevant to claims adjudication, benefit entitlement and payment status,
the FECS generates reports primarily used by management in administering the FECA Program. The
system also processes payments for covered medical expenses and monthly and supplemental benefit
payments to or on behalf of program beneficiaries.

Access to the FECS is limited to only certain employees, and their degree of access is based upon the user's
function within the program. The FECA EDP security officer within the Branch of ADP Coordination and
Control is responsible for assigning passwords and other procedures required to permit access to the FECS
at the national office; District Systems Managers are responsible for assigning passwords and other
procedures required to permit access to the FECS at the District office level.
Controls to restrict access
to FECS to authorized personnel include the following (national and district office level):

- A security briefing is given for each person having access to the system.

- Access and an access profile for authorized users are established through a security software
  package (Access Control Facility).

- Computer Information Control System establishes terminal access to the host computer.

- Log on attempts are restricted to three attempts.

- An audit trail report of unauthorized attempts to access the system is available.

- Terminals are secured in locked rooms at the end of the work day.

- Written procedures exist for both physical hardware and software security.

Organization and Administration

A System Administrator is responsible for overseeing all the data processing activity of FECS. DFEC
employs approximately 7 individuals within the Branch of ADP Coordination and Control and has contracts
with outside computer consulting firms, Computer Data System, Inc. (CDSI), and Viatech through which
approximately 30 individuals work with DFEC. CDSI and Viatech provide software development and
maintenance for DFEC.

At each District office, a System Manager is responsible for overseeing all the data processing activity
performed at the district level (including user access). The System Managers are under the supervision of
the Division of Information Technology Management and Services (DITMS). DITMS includes both
Federal Government employees and outside contractors. The System Managers have access to system data
for report generation and submission purposes.
The System Managers can only extract information from
the database and cannot change any of the source codes (i.e., programs).

The function of DITMS is to maintain computer networks, operating systems, and computer hardware
systems for the DOL environment. DITMS installs all of the data processing applications and modifications
developed by DFEC. In addition, DITMS is responsible for the management controls surrounding the host
mainframe application of FECS, such as assignment and maintenance of system support personnel to the
mainframe and access violations monitoring.

Operations

The Office of the Assistant Secretary for Administration and Management contracted with SunGard
Computer Services, Inc. (SunGard), for computer mainframe time-sharing services. SunGard provides
computer hardware and a communications network between the national office, the district offices and the
U.S. Treasury. In addition, SunGard maintains a tape library and disk drive backup. The SunGard
database includes all medical and disability compensation payment information since 1978.

There are four levels of hardware, software, communications, supplies and facility resources for DFEC:
SunGard mainframe, national office Sequent minicomputers, district office Sequent minicomputers and the
user and programmer development terminal personal computers with authorized access into the mainframe
or minicomputer system.

There are formal operator and user manuals for some components of the system. There are extensive input
edit checks in the software. Errors are automatically rejected by the system and queued for review by the
appropriate individuals.
Reports that track the errors, including aging information, are routinely produced.

Documentation

Hardware: DITMS maintains an extensive list of the hardware used in the FECS processing at all sites.

Software: DITMS maintains an extensive list of the third party software used in the FECS processing
which includes operating system software, compilers and utilities. DFEC is responsible for the maintenance
of FECS application software. All the hardware and software modifications are controlled by DOL.
OWCP requests the modifications, DFEC designs and tests the modification, and DITMS installs the
modifications.

Acceptance testing is performed by DOL using an environment that closely copies the development
environment. The procedures used for the acceptance testing vary according to subsystem. No formal
documentation of the acceptance testing is maintained. However, DFEC maintains a history of all prior
source code versions which provides evidence of all modifications of the source code.

The System Administrator has an assistant responsible for computer design development, programming
and analysis. Another assistant of the System Administrator is responsible for evaluating the testing of all
new and modified source codes (programming) and the distribution to the district offices. Additionally,
this assistant supervises all staff programmers.

Anti-Virus Control

The FECS currently runs a variety of anti-virus or virus checking routines. Each file server runs an
anti-virus module resident on the server. The local area networks (LANs) are "dustless" LANs.
When disks
are scanned (e.g., for the installation of new software), anti-virus software is used to scan disks to identify
and remove viruses. Personal computers attached to LANs in OWCP District offices utilize hard drives
in addition to the central file server. All of the personal computers utilize anti-virus software, which can
be run in a scheduled or unscheduled ad hoc mode.

Subservicer

DFEC utilizes a subservicer, SunGard, to provide computer hardware and a communications network
between the national office, the District offices and the U.S. Treasury, to maintain a tape library and disk
drive backup and for other computer mainframe functions.

CONTROL OBJECTIVES AND RELATED POLICIES AND PROCEDURES

DFEC's control objectives and related policies and procedures are included in Section IIIC of this report,
"Information Provided by the Service Auditor," to eliminate the redundancy that would result from listing
them here. Although the control objectives and related policies and procedures are included in Section
IIIC, they are, nevertheless, an integral part of DFEC's description of policies and procedures.

USER CONTROL CONSIDERATIONS

DFEC's processing of transactions and the control policies and procedures over the processing of
transactions were designed with the assumption that certain internal control policies and procedures should
be in operation at user organizations to complement the control policies and procedures at DFEC.
User
auditors should determine whether user organizations have established internal control policies and
procedures to ensure that:

- Employing agencies understand their responsibilities under FECA.

- Employing agencies provide injured employees with accurate and appropriate information
  regarding injuries covered under FECA, including the employees' rights and obligations and
  claim forms.

- Employing agencies timely and accurately report all work-related injuries and deaths to DFEC
  via the injury and death reporting forms such as the CA-1, CA-2, and CA-5, once completed by
  the injured employee or claimant in the case of death. Supervisors should encourage persons
  witnessing injuries to record and report what was witnessed to DFEC.

- Employing agencies provide complete and accurate information regarding a claimant's rate of
  pay, hours worked, leave taken, and continuation of pay to DFEC.

- Employing agencies promptly controvert questionable claims.

- Employing agencies monitor the medical status of injured employees to be aware of what work
  the injured employee is capable of to enable the employing agency to provide additional
  information on the requirements of a position, or modified position, when applicable.

- Employing agencies assist DFEC in returning employees to work by establishing or identifying
  positions, either modified or light-duty, to return the injured employee to work as early as
  possible.
  The employing agency also needs to inform DFEC directly of the positions available.

- Employing agencies review the chargeback coding notification (postcard) sent by DFEC when
  an injury report is received to ensure the individual will be charged to the proper agency and
  department.

- Employing agencies review quarterly chargeback billings to ensure that each injured employee
  charged to their department and agency is an employee or former employee of the agency, and
  that the amounts charged for compensation costs appear reasonable in light of the injured
  employee's compensation and the date of injury.

                                   SECTION IIIC
                    INFORMATION PROVIDED BY THE SERVICE AUDITOR

This report is intended to provide users of the FECA Special Benefit Fund with information about the
control policies and procedures at the DFEC that may affect the processing of user organizations'
transactions, general computer controls and also to provide users with information about the policies and
procedures that were tested.
This report, when combined with an understanding and assessment of the
internal control policies and procedures at user organizations, is intended to assist user auditors in (1)
planning the audit of the user organizations' financial statements and (2) assessing control risk for assertions
in user organizations' financial statements that may be affected by policies and procedures at DFEC.

Our testing of DFEC's internal control policies and procedures was restricted to the control objectives and
the related policies and procedures listed in this section of the report and was not extended to procedures
described in Section IIIB but not included in this section or to procedures that may be in effect at user
organizations. It is each user auditor's responsibility to evaluate this information in relation to the internal
control policies and procedures in place at each user organization. If certain complementary controls are
not in place at user organizations, DFEC's internal control policies and procedures may not compensate
for such weaknesses.

TESTS OF CONTROL ENVIRONMENT ELEMENTS

The control environment represents the collective effect of various elements in establishing, enhancing or
mitigating the effectiveness of specific policies and procedures.
In addition to tests of the policies and
procedures listed in this section of this report, our procedures also included tests of and consideration of
the relevant elements of the DFEC's control environment including:

- DFEC's organizational structure and the segregation of duties
- Management control methods
- Management policies and procedures

Such tests included inquiry of appropriate management, supervisory, and staff personnel; inspection of
DFEC's documents and records; observation of DFEC's activities and operations; and a limited review and
evaluation of the most recent SAS 70 report of SunGard, the subservicer, issued for the period from October
1, 1999 to September 30, 2000. The results of these tests were considered in planning the nature, timing,
and extent of our tests of the specified control policies and procedures related to the control objectives
described within this report.

SAMPLING METHODOLOGY

To facilitate the testing of transaction processing controls, we developed a sampling plan as outlined below.

We performed tests on a sample of compensation for lost wages, schedule awards, death benefits and
medical benefit payments paid during the period October 1, 2000 to April 30, 2001, at 5 of 12 District
offices. The sample design involved a two stage process.

The first stage in our sample design was the selection of district offices. District offices were randomly
selected by first forming two strata of the districts and then taking all the districts from the first stratum, and
selecting two districts from the second stratum. This procedure resulted in the selection of five district
offices.
The 5 district offices comprised approximately $800 million of the $1.301 billion, or 61.5 percent,
of FECA payments during the seven month period ended April 30, 2001.

The second stage of the sample design was the selection of sampling units. The sampling units were a
single medical payment or total compensation payments to a case number. The universe of the sample
districts was stratified into 13 strata for the compensation payments and into 12 strata for the medical
payments. The sample size was determined for each of the 13 strata for compensation and 12 strata for
the medical payments using the following parameters:

- The total number of items and dollar value of the stratum universe

- The estimated variance within each stratum

- A 95% confidence level (5% risk of incorrect acceptance)

- A variable sampling precision (2.8% to 4.6%) of the point estimate

- Materiality and tolerable error as defined for FECA benefit payments

Using statistical formulas, these parameters yielded a total sample of 359 items. Of the total sample, 182
were medical payments and 177 were compensation payments.
The sample items were then randomly
selected.

Our detailed substantive testing was performed at the following district offices with the following number
of items tested:

                         District Office          Number of Statistical Items
                         Philadelphia                          71
                         Jacksonville                          78
                         Denver                                56
                         San Francisco                         80
                         Dallas                                74
                         Total                                359

Our testing at the district offices consisted of control tests in the following categories:

           Case Creation                                            Payment Processing
           Initial Eligibility                                      Schedule Awards
           File Maintenance                                         Death Benefits
           Continuing Eligibility-Medical Evidence                  Medical Bill Payment Processing
           Continuing Eligibility-Earnings Information              Third Party Settlements

The number of sample items for control tests was statistically selected based on the sampling plan detailed
above. The number of sample items tested was determined based on the number of items to which the test
of controls applied. The control tests would not be applicable to some sample items due to factors such
as the age of the injury.
Additional testing was performed on items which were selected by a non-statistical
method.

Initial Eligibility Cases

Audit queries were generated which determined all of the cases in which claimants were injured and began
receiving compensation during the sampling period of October 1, 2000 to April 30, 2001. From a
population of 874 initial eligibility cases in the 5 district offices tested, a random sample of 50 cases, 10
cases per district office, was selected. We reviewed the case files to ensure that the proper procedures had
been followed in determining whether or not the claimants were eligible to receive benefit payments and
whether benefit payments were paid at the correct amount.

Multiple Claim Payments

Audit queries were generated which compared certain elements of each compensation payment made
during the period October 1, 2000 through April 30, 2001. The query compared case files in which the
social security number was the same for multiple case files. This situation would normally occur when an
employee has suffered more than one injury, as a separate case number is assigned for each injury. We
analyzed the payments to ensure that a claimant was not receiving excessive or overlapping compensation.
From the population of 1,008 multiple claim payments, we removed the cases tested in previous years
which resulted in no errors, resulting in a population of 976 multiple claim compensation payment items
to be tested. We tested 75 claimants, 25 from each of the 5 district offices for whom compensation
payments for an overlapping period of time were made on more than one case.

Gross Override

Audit queries were generated which determined all cases on which the amount of compensation to be paid
was manually overridden from what the ACPS calculated the payment should be. We selected instances
where the amount paid as a result of the override was more than the amount that the ACPS had calculated
should be paid.
We tested all 19 cases which were identified for the five district offices in which testwork
was to be performed.

Third Party Settlements

Audit queries were generated which determined all claimants that had a third party status indicator in the
CMF. We then randomly selected 35 cases from a population of 2,356 cases with third party indicators,
active within the past year, in the district offices in which test work was to be performed.

Current Medical

Audit queries were generated which determined all cases with a short term liability status, on which
compensation was currently being paid, but for which no medical payments were made in the past two years,
to determine which cases may not have current medical evidence. We then randomly selected 50 cases
from a population of 251 cases which met our query definition, in the district offices in which test work
was to be performed.

Provider Type

Audit queries were generated which determined medical bill payments made to chiropractors on claimant
cases for which the accepted condition did not involve the back or neck to determine if the proper
provider type was being used and payments were properly supported with specifically required medical
evidence. We then randomly selected 50 cases from a population of 2,936 payments which met our query
definition, in the district offices in which test work was to be performed.

Duplicate Payments

Audit queries were generated which determined medical bill payments which appeared to have been made
in duplicate and were over $5,000.
We tested all 10 medical bill payments which were identified for the
five district offices in which testwork was to be performed.

Summary of Sample Items

The following sample items were selected for substantive testing of transactions:

Sample Type               Philadelphia  Jacksonville  Denver  San Francisco  Dallas  Sub-Total       Sub-Total   Total
Lost Wages (S)                      33            34      21             24      25        137
Death (S)                            3             3       3              3       3         15             177
                                                                                                                   359
Schedule Award (S)                   3             1       2              8      11         25
Medical Bills (S)                   34            40      28             45      35             182
Initial Eligibility (N)             10            10      10             10      10              50
Multiple Claim (N)                  15            15      15             15      15              75                144
Gross Override (N)                   0             5       4              6       4              19
Provider Type (N)                   10            10      10             10      10                         50
Potential Duplicates (N)             0             6       0              1       3                         10

The following sample items were selected for testing of internal controls:

Sample Type               Philadelphia  Jacksonville  Denver  San Francisco  Dallas  Sub-Total       Sub-Total   Total
Lost Wages (S)                      15            17      21             14      15         82
Death (S)                            3             3       3              3       3         15             112
                                                                                                                   194
Schedule Award (S)                   3             1       2              4       5         15
Medical Bills (S)                   23            16      11             18      14              82
Initial Eligibility (N)             10            10      10             10      10                         50
Third Party (N)                      7             7       7              7       7                         35
Current Medical (N)                 10            10      10             10      10                         50

(S) - Statistically selected sample
(N) - Non-statistically selected sample

CONTROL OBJECTIVES, RELATED POLICIES AND PROCEDURES, AND TESTS OF
DESCRIBED POLICIES AND PROCEDURES

This section presents the following information provided by the DFEC:

- The control objectives specified by management of DFEC.
- The policies and procedures established and specified by DFEC to achieve the specified control
  objectives.

Also included in this section is the following information provided by the service auditor:

- A description of the tests performed on the described policies and procedures by the service
  auditor to determine whether DFEC's control policies and procedures were operating with
  sufficient effectiveness to achieve stated control objectives.

- The results of the service auditors' tests of the described policies and procedures.
                          GENERAL COMPUTER CONTROLS

Control Objective: General Computer Controls - Control policies and procedures provide reasonable
assurance that DFEC has generally established computer controls over entity-wide security, access
controls, application software development and change controls, segregation of duties, systems software,
and service continuity.

Description of Policies and Procedures

Entity-wide security

ESA, of which DFEC is a division, periodically assesses risk through independent risk assessments which
are performed and documented on a regular basis or whenever systems, facilities, or other conditions
change. The risk assessments consider data sensitivity and integrity and range of risks to the entity's
systems and data; and, final risk determinations and related management approvals are documented and
maintained on file.

ESA, of which DFEC is a division, has drafted a security program plan that: covers all major facilities and
operations, has been approved by key affected parties, and covers the topics prescribed by OMB Circular
A-130 (general support systems/major applications): Rules of the system/Application rules, Training/
Specialized training, Personnel controls/Personnel security, Incident response capability/Continuity of
support/Contingency planning, Technical security/Technical controls, System interconnection/Information
sharing, Public access controls, access controls, application software development and change controls,
segregation of duties, systems software, and service continuity. The plan is reviewed periodically and
adjusted to reflect current conditions and risks.

ESA’s security program plan establishes a security management structure with adequate independence,
authority, and expertise.
An information systems security manager has been appointed at an overall level
and at appropriate subordinate levels.

The security plan clearly identifies who owns computer-related resources and who is responsible for
managing access to computer resources. Security responsibilities and expected behaviors are clearly
defined for: (1) information resource owners and users (2) information resources management and data
processing personnel (3) senior management (4) security administrators.

ESA has implemented an ongoing security awareness program that includes first-time training for all new
employees, contractors, and users, and periodic refresher training thereafter. Security policies are
distributed to all affected personnel, including system/application rules and expected behaviors.

ESA's incident response capability has the characteristics suggested by industry standards: use of virus
detection software, an understanding of the constituency being served, an educated constituency that trusts
the incident handling team, a means of prompt centralized reporting, response team members with the
necessary knowledge, skills, and abilities, and links to other relevant groups.

For prospective employees, references are contacted and background checks performed. Periodic
reinvestigations are performed at least once every 5 years, consistent with the sensitivity of the position per
criteria from the Office of Personnel Management. Regularly scheduled vacations exceeding several days
are required, and the individual's work is temporarily reassigned. Regular job or shift rotations are
required.
Termination and transfer procedures include: exit interview procedures; return of property, keys,
identification cards, passes, etc.; notification to security management of terminations and prompt revocation
of IDs and passwords; immediately escorting terminated employees out of the entity's facilities; and
identifying the period during which non-disclosure requirements remain in effect.

Skill needs are accurately identified and included in job descriptions, and employees meet these
requirements. A training program has been developed. Employee training and professional development
are documented and monitored.

ESA’s Information Systems security program is subjected to periodic reviews. Major applications undergo
independent review or audit at least every 3 years. Major systems and applications are accredited by the
managers whose missions they support.

                     Tests of Described Policies and Procedures:                                 Results of Tests

 Reviewed risk assessment policies, the most recent high-level risk assessment, and       No exceptions were noted.
 the objectivity of personnel who performed and reviewed the assessment.

 Reviewed the security plan and determined whether the plan covered the topics            The business continuity and
 prescribed by OMB Circular A-130 and reviewed any related documentation which            incident response section
 indicated that the security plan had been reviewed and updated, and was current.         referencing capabilities are
                                                                                          not fully implemented. A risk
                                                                                          based approach to the security
                                                                                          plan is not implemented.
                                                                                          No other exceptions were noted.

 Reviewed the entity's organization chart; job descriptions; documentation                No exceptions were noted.
 supporting or evaluating the awareness program; memos, electronic mail files, or
 other policy distribution mechanisms. Interviewed security management staff.
 Interviewed security manager, response team members and system users. Review
 documentation supporting incident handling activities. Determine qualifications of
 response team members.

 Review hiring policies. For a selection of recent hires, inspected personnel files and   No exceptions were noted.
 determine whether references have been contacted and background investigations
 have been performed. Review reinvestigation policies. For a selection of sensitive
 positions, inspect personnel files and determine whether background
 reinvestigations have been performed. Review policies on confidentiality or security
 agreements. For a selection of such users, determine whether confidentiality or
 security agreements are on file. Review vacation policies. Inspect personnel records
 to identify individuals who have not taken vacation or sick leave. Determine who
 performed vacationing employee’s work during vacation.

 Reviewed job descriptions for security management personnel, and for a selection of      Security-related personnel
 other personnel; training program documentation; training records and related            policies do not require
 documentation showing whether such records were monitored and whether                    confidentiality or security
 employees were receiving the appropriate training.                                       agreements.
                                                                                          No other exceptions were noted.

Description of Policies and Procedures

Access Controls

Classifications and criteria have been established and communicated to resource owners. Resources are
classified based on risk assessments; classifications are documented and approved by an appropriate senior
official and are periodically reviewed.

Access authorizations are documented on standard forms and maintained on file, approved by senior
managers, and securely transferred to security managers. Owners periodically review access authorization
listings and determine whether they remain appropriate. The number of users who can dial into the system
from remote locations is limited and justification for such access is documented and approved by owners.

Security managers review access authorizations and discuss any questionable authorizations with resource
owners. All changes to security profiles by security managers are automatically logged and periodically
reviewed by management independent of the security function. Unusual activity is investigated. Security
is notified immediately when system users are terminated or transferred.

Emergency and temporary access authorizations are documented on standard forms and maintained on file,
approved by appropriate managers, securely communicated to the security function; and automatically
terminated after a predetermined period.

Standard forms are used to document approval for archiving, deleting, or sharing data files. Prior to sharing
data or programs with other entities, agreements are documented regarding how those files are to be
protected.
Facilities housing sensitive and critical resources have been identified. All significant threats
to the physical well-being of sensitive and critical resources have been identified and related risks
determined. Access is limited to those individuals who routinely need access through the use of guards,
identification badges, or entry devices, such as key cards. Management regularly reviews the list of persons
with physical access to sensitive facilities. Keys or other access are needed to enter the computer room
and tape/media library. All deposits and withdrawals of tapes and other storage media from the library are
authorized and logged. Unissued keys or other entry devices are secured. Emergency exit and re-entry
procedures ensure that only authorized personnel are allowed to reenter after fire drills, etc.

Visitors to sensitive areas, such as the main computer room and tape/media library, are formally signed in
and escorted. Entry codes are changed periodically. Visitors, contractors, and maintenance personnel are
authenticated through the use of preplanned appointments and identification checks. Passwords are unique
for specific individuals, not groups; controlled by the assigned user and not subject to disclosure; changed
periodically--every 30 to 90 days; not displayed when entered; at least 6 alphanumeric characters in length;
and prohibited from reuse for at least 6 generations. Use of names or words is prohibited. Vendor-supplied
passwords are replaced immediately. Generic user IDs and passwords are not used. Attempts to log on
with invalid passwords are limited to 3-4 attempts.

Personnel files are automatically matched with actual system users to remove terminated or transferred
employees from the system. Password files are encrypted. For other devices, such as tokens or key cards,
users maintain possession of their individual tokens, cards, etc.
and understand that they must not loan or
share these with others and must report lost items immediately.

An analysis of the logical access paths is performed whenever system changes are made. Security software
is used to restrict access. Access to security software is restricted to security administrators only.
Computer terminals are automatically logged off after a period of inactivity. Inactive users' accounts are
monitored and removed when not needed. Security administration personnel set parameters of security
software to provide access as authorized and restrict access that has not been authorized. This includes
access to data files, load libraries, batch operational procedures, source code libraries, security files, and
operating system files. Naming conventions are used for resources.

Database management systems (DBMS) and data dictionary controls have been implemented that restrict
access to data files at the logical data view, field, or field-value level; control access to the data dictionary
using security profiles and passwords; maintain audit trails that allow monitoring of changes to the data
dictionary; and provide inquiry and update capabilities from application program functions, interfacing
DBMS or data dictionary facilities. Use of DBMS utilities is limited. Access and changes to DBMS
software are controlled.
Access to security profiles in the data dictionary and security tables in the DBMS
is limited.

Communication software has been implemented to verify terminal identifications in order to restrict access
through specific terminals; verify IDs and passwords for access to specific applications; control access
through connections between systems and terminals; restrict an application's use of network facilities;
protect sensitive data during transmission; automatically disconnect at the end of a session; maintain
network activity logs; restrict access to tables that define network options, resources, and operator profiles;
allow only authorized users to shut down network components; monitor dial-in access by monitoring the
source of calls or by disconnecting and then dialing back at preauthorized phone numbers; restrict in-house
access to telecommunications software; control changes to telecommunications software; ensure that data
are not accessed or modified by an unauthorized user during transmission or while in temporary storage;
and restrict and monitor access to telecommunications hardware or facilities.

In addition to logical controls: the opening screen viewed by a user provides a warning and states that the
system is for authorized use only and that activity will be monitored, dial-in phone numbers are not
published and are periodically changed, cryptographic tools have been implemented to protect the integrity
and confidentiality of sensitive and critical data and software programs. Procedures have been implemented
to clear sensitive data and software from discarded and transferred equipment and media. All activity
involving access to and modifications of sensitive or critical files is logged.

Security violations and activities, including failed logon attempts, other failed access attempts, and sensitive
activity, are reported to management and investigated.
Security managers investigate security violations
and report results to appropriate supervisory and management personnel. Appropriate disciplinary actions
are taken. Violations are summarized and reported to senior management. Access control policies and
techniques are modified when violations and related risk assessments indicate that such changes are
appropriate.

                     Tests of Described Policies and Procedures                                Results of Tests

Reviewed policies and procedures and resource classification documentation and           No exceptions were noted.
compared to risk assessments. Discussed any discrepancies with appropriate
officials. Interviewed resource owners.

Reviewed pertinent written policies and procedures. For a selection of users, (both      No exceptions were noted.
application user and IS personnel), review access authorization documentation.
Interview owners and review supporting documentation. Determine whether
inappropriate access is removed in a timely manner. For a selection of users with
dial-up access, review authorization and justification. Interview security managers
and review documentation provided to them. Review a selection of recent profile
changes and activity logs.
Obtain a list of recently terminated employees from
Personnel, and for a selection, determine whether system access was properly
terminated.

Compared a selection of both expired and active temporary and emergency                  No exceptions were noted.
authorizations (obtained from the authorizing parties) with a system-generated list
of authorized users.

Examined standard approval forms and documents authorizing file sharing and file         No exceptions were noted.
sharing agreements. Interviewed data owners.

Reviewed a diagram of the physical layout of the computer and telecommunications         No exceptions were noted.
facilities, risk analysis, lists of individuals authorized access to sensitive areas,
visitor entry logs, documentation on and logs of entry code changes, procedures for
the removal and return of storage media from and to the library, written emergency
procedures, a system-generated list of current passwords, security software password
parameters, a list of IDs and passwords, dump of password files (e.g., hexadecimal
printout), a system generated list of inactive log on IDs, and determined why access
for these users had not been terminated, documentation supporting prior fire drills,
DBMS and Data dictionary security parameters and security system parameters.
Walk through facilities.

Review access path diagram.                                                              No exceptions were noted.

Observed entries to and exits from facilities, including sensitive areas during and      No exceptions were noted.
after normal business hours, utilities access paths, practices for safeguarding keys
and other devices, appointment and verification procedures for visitors, a fire drill,
users keying in passwords, terminals in use.

Interviewed management, employees, guards at facility entry, users and security          No exceptions were noted.
managers and database administrator.

Selected from the log some returns and withdrawals, verified the physical existence      No exceptions were noted.
of the tape or other media, and determined whether proper authorization was
obtained for the movement.

Attempted to log on without a valid password; made repeated attempts to guess            No exceptions were noted.
passwords. Attempted to log on using common vendor supplied passwords.
Searched password file using audit software. Assessed procedures for generating
and communicating passwords to users. Evaluated biometric or other technically
sophisticated authentication techniques.

Performed penetration testing by attempting to access and browse computer                No relevant exceptions were
resources.                                                                               noted.

Reviewed pertinent policies and procedures. Reviewed parameters set by                   No exceptions were noted.
telecommunications software or teleprocessing monitors.
Tested
telecommunications controls by attempting to access various files through
communications networks. Identified all dial-up lines through automatic dialer
software routines and compare with known dial-up access. Interviewed
telecommunications management staff and users.

Reviewed written procedures. Interviewed personnel responsible for clearing              No exceptions were noted.
equipment and media. For a selection of recently discarded or transferred items,
examined documentation related to clearing of data and software.

Reviewed security software settings to identify types of activity logged, security       No exceptions were noted.
violation reports and documentation showing reviews of questionable activities.

Tested a selection of security violations to verify that follow-up investigations were   No exceptions were noted.
performed and to determine what actions were taken against the perpetrator.

Interviewed senior management and personnel responsible for summarizing                  No exceptions were noted.
violations and reviewed any supporting documentation.

Description of Policies and Procedures

Application Software Development and Change Controls

System Development Life Cycle (SDLC) methodology has been developed that provides a structured
approach consistent with generally accepted concepts and practices, including active user involvement
throughout the process, is sufficiently documented to provide guidance to staff with varying levels of skill
and experience, provides a means of controlling changes in requirements that occur over the system's life,
and includes documentation requirements. Program staff and staff involved in developing and testing
software have been trained and are familiar with the use of the organization's SDLC methodology.

Software change request forms are used to document requests and related approvals.
Change requests
must be approved by both system users and data processing staff. Clear policies restricting the use of
personal and public domain software have been developed and are enforced. DFEC uses virus
identification software.

Test plan standards have been developed for all levels of testing that define responsibilities for each party
(e.g., users, system analysts, programmers, auditors, quality assurance, library control). Detailed system
specifications are prepared by the programmer and reviewed by a programming supervisor. Software
changes are documented so that they can be traced from authorization to the final approved code and they
facilitate "trace-back" of code to design specifications and functional requirements by system testers. Test
plans are documented and approved that define responsibilities for each party involved (e.g., users, systems
analysts, programmers, auditors, quality assurance, library control). Unit, integration, and system testing
are performed and approved in accordance with the test plan and applying a sufficient range of valid and
invalid conditions. A comprehensive set of test transactions and data has been developed that represents
the various activities and conditions that will be encountered in processing. Live data is not used in testing
program changes, except to build test data files. Test results are reviewed and documented. Program
changes are moved into production only upon documented approval from users and system development
management.

Documentation is updated for software, hardware, operating personnel, and system users when a new or
modified system is implemented.
Data center management and/or the security administrators periodically
review production program changes to determine whether access controls and change controls have been
followed.

Emergency changes are documented and approved by the operations supervisor, formally reported to
computer operations management for follow-up, and approved after the fact by programming supervisors
and user management.

Standardized procedures are used to distribute new software for implementation. Implementation orders,
including effective date, are provided to all locations where they are maintained on file.

Library management software is used to produce audit trails of program changes, maintain program version
numbers, record and report program changes, maintain creation/date information for production modules,
maintain copies of previous version, and control concurrent updates.

                     Tests of Described Policies and Procedures                               Results of Tests

Reviewed SDLC methodology, system documentation to verify that SDLC                    No exceptions were noted.
methodology was followed and training records. Interviewed staff.

Identified recent software modifications and determined whether change request         No exceptions were noted.
forms were used. Examined a selection of software change request forms for
approvals. Interviewed software development staff.

Interviewed users and data processing staff to determine if personal software is       No exceptions were noted.
restricted.

Examined procedures for distributing new software. Examine implementation              No exceptions were noted.
orders for a sample of changes.

Reviewed test plan standards.                                                          No exceptions were noted.

For the software change requests selected:                                             No exceptions were noted.
• reviewed specifications;
• traced changes from code to design specifications;
• reviewed test plans;
• compared test documentation with related test plans;
• analyzed test failures to determine if they indicated ineffective software testing;
• reviewed test transactions and data;
• reviewed test results;
• reviewed documentation of management or security administrator reviews;
• verified user acceptance.
Determined whether operational systems experienced a high number of abends.

Reviewed pertinent policies and procedures. Interviewed personnel responsible for      No exceptions were noted.
library control. Examined a selection of programs maintained in the library and
assessed compliance with prescribed procedures. Determined how many prior
versions of software modules were maintained.

Examined libraries in use. Verified that source code existed for a selection of        The library management
production load modules by (1) comparing compile dates, (2) recompiling the source     software is not being used to
modules, and (3) comparing the resulting module size to production load module         manage or control the FECA
size.
                                                                                       source code.

For critical software production programs, determined whether access control           The library management
software rules were clearly defined. Tested access to program libraries by examining   software is not being used to
security system parameters.                                                            manage or control the FECA
                                                                                       source code.

Reviewed pertinent policies and procedures. For a selection of program changes,        The library management
examined related documentation to verify that: procedures for authorizing              software is not being used to
movement among libraries were followed and before and after images were                manage or control the FECA
compared.                                                                              source code.

Description of Policies and Procedures

Segregation of Duties

Policies and procedures for segregating duties exist and are up-to-date. Distinct systems support functions
are performed by different individuals, including the following: IS management, system design, application
programming, systems programming, quality assurance/testing, library management/change management,
computer operations, production control and scheduling, data control, data security, data administration,
and network administration.

No individual has complete control over incompatible transaction processing functions.
Specifically, the
following combinations of functions are not performed by a single individual: data entry and verification of
data, data entry and its reconciliation to output, input of transactions for incompatible processing functions
(e.g., input of vendor invoices and purchasing and receiving information), and data entry and supervisory
authorization functions (e.g., authorizing a rejected transaction to continue processing that exceeds some
limit requiring a supervisor's review and approval).

Data processing personnel are not users of information systems. They and security managers do not
initiate, input, or correct transactions. Day-to-day operating procedures for the data center are adequately
documented and prohibited actions are identified. Regularly scheduled vacations and periodic job/shift
rotations are required.

Documented job descriptions accurately reflect assigned duties and responsibilities and segregation of duty
principles. Documented job descriptions include definitions of the technical knowledge, skills, and abilities
required for successful performance in the relevant position and can be used for hiring, promoting, and
performance evaluation purposes.

All employees fully understand their duties and responsibilities and carry out those responsibilities in
accordance with their job descriptions. Senior management is responsible for providing adequate resources
and training to ensure that segregation of duty principles are understood and established, enforced, and
institutionalized within the organization. Responsibilities for restricting access by job positions in key
operating and programming activities are clearly defined, understood, and followed.

Staff's performance is monitored on a periodic basis and controlled to ensure that objectives laid out in job
descriptions are carried out.
Management reviews are performed to determine that control techniques for\nsegregating incompatible duties are functioning as intended and that the control techniques in place are\nmaintaining risks within acceptable levels (e.g., periodic risk assessments).\n\nDetailed, written instructions exist and are followed for the performance of work. Operator instruction\nmanuals provide guidance on system operation. Application run manuals provide instruction on operating\nspecific applications. Operators are prevented from overriding file label or equipment error messages.\n\nPersonnel are provided adequate supervision and review, including each shift for computer operations. All\noperator activities on the computer system are recorded on an automated history log. Supervisors routinely\nreview the history log and investigate any abnormalities. System startup is monitored and performed by\nauthorized personnel. 
Parameters set during the initial program load (IPL) are in accordance with\nestablished procedures.\n\n                      Tests of Described Policies and Procedures                               Results of Tests\n\n Reviewed an agency organization chart showing IS functions and assigned                 No exceptions were noted.\n personnel and relevant alternate or backup assignments and determined whether the\n chart was current and each function was staffed by different individuals, job\n descriptions for several positions in organizational units and for user security\n administrators, the effective dates of the position descriptions and determined\n whether they were current, the adequacy of documented operating procedures for\n the data center.\n\n Interviewed selected management and IS personnel to determine that assignments          No exceptions were noted.\n did not result in a single person being responsible for combinations of functions and\n that the proper segregation of duties was maintained.\n\n Observed activities of personnel to determine the nature and extent of the              No exceptions were noted.\n compliance with the intended segregation of duties.\n\n Interviewed personnel filling positions for the selected job descriptions (see above).  No exceptions were noted.\n Determined from interviewed personnel whether senior management has provided\n adequate resources and training to establish, enforce and institutionalize within the\n organization.\n\n Interviewed management and subordinate personnel. Selected documents or actions         No exceptions were noted.\n requiring supervisory review and approval for evidence of such performance (e.g.,\n approval of input of transactions, software changes, etc.) Determined what reviews\n were conducted to assess the adequacy of duty segregation. Obtained and reviewed\n results of such reviews.\n\n Interviewed supervisors and personnel. Observed processing activities. 
Reviewed         No exceptions were noted.\n manuals and history log reports for signatures indicating supervisory review.\n Determined who was authorized to IPL the system, what steps were followed, and\n what controls were in place to monitor console activity during the process and\n whether operators overrode the IPL parameters.\n\nDescription of Policies and Procedures\n\nSystems Software\n\nPolicies and procedures for restricting access to systems software are kept up-to-date. Access to system\nsoftware is restricted to a limited number of personnel, corresponding to job responsibilities. Application\nprogrammers and computer operators are specifically prohibited from accessing system software.\nDocumentation showing justification and management approval for access to system software is kept on\nfile. The access capabilities of system programmers are periodically reviewed for propriety to see that\naccess permissions correspond with job duties.\n\nPolicies and procedures for using and monitoring use of system software utilities are kept up-to-date.\nResponsibilities for using sensitive system utilities have been clearly defined and are understood by systems\nprogrammers. Responsibilities for monitoring use are defined and understood by technical management.\nThe use of sensitive system utilities is logged using access control software reports or job accounting data\n(e.g., IBM\'s System Management Facility).\n\nThe use of privileged system software and utilities is reviewed by technical management. Inappropriate\nor unusual activity in using utilities is investigated. System programmers\' activities are monitored and\nreviewed. 
Management reviews are performed to determine that control techniques for monitoring use of\nsensitive system software are functioning as intended and that the control techniques in place are\nmaintaining risks within acceptable levels (e.g., periodic risk assessments).\n\nPolicies and procedures are kept up-to-date for identifying, selecting, installing, and modifying system\nsoftware. Procedures include an analysis of costs and benefits and consideration of the impact on\nprocessing reliability and security. Procedures exist for identifying and documenting system software\nproblems. This should include using a log to record the problem, the name of the individual assigned to\nanalyze the problem, and how the problem was resolved.\n\nNew system software versions or products and modifications to existing system software receive proper\nauthorization and are supported by a change request. New system software versions or products and\nmodifications to existing system software are tested and the test results are approved before\nimplementation. Procedures include: a written standard that guides the testing, which is conducted in a\ntest rather than production environment; specification of the optional security-related features to be turned\non, when appropriate; review of test results by technically qualified staff who document their opinion on\nwhether the system software is ready for production use; and review of test results and documented\nopinions by data center management prior to granting approval to move the system software into\nproduction use.\n\nProcedures exist for controlling emergency changes. Procedures include: authorizing and documenting\nemergency changes as they occur; reporting the changes for management review; and review by an\nindependent IS supervisor of the change.\n\nInstallation of system software is scheduled to minimize the impact on data processing and advance notice\nis given to system users. 
Migration of tested and approved system software to production use is performed\nby an independent library control group. Outdated versions of system software are removed from\nproduction libraries. Installation of all system software is logged to establish an audit trail and reviewed by\ndata center management. Vendor-supplied system software is still supported by the vendor. All system\nsoftware is current and has current and complete documentation.\n\n\n                      Tests of Described Policies and Procedures                               Results of Tests\n\n Reviewed pertinent policies and procedures and interviewed management and               No exceptions were noted.\n systems personnel regarding access restrictions. Observed personnel access system\n software. Attempted to access system software. Determined the last time the access\n capabilities of systems programmers were reviewed.\n\n Selected some systems programmers and determined whether management                     No exceptions were noted.\n approved documentation supports their access to system software. 
Selected some\n application programmers and determined whether they were not authorized access.\n\n Reviewed pertinent policies and procedures, logs, and documentation supporting the      No exceptions were noted.\n supervising and monitoring of systems programmers\' activities.\n\n Determined whether logging occurs; what information was logged; using security          No exceptions were noted.\n software reports, determined who could access the logging files.\n\n Interviewed management and systems personnel regarding their responsibilities,          No exceptions were noted.\n technical management regarding their reviews of privileged system software and\n utilities usage, systems programmer supervisors to determine their activities related\n to supervising and monitoring their staff.\n\nDescription of Policies and Procedures\n\nService Continuity\n\nESA has drafted a disaster recovery/business continuity plan which lists critical operations and data and\nthat prioritizes data and operations, reflects current conditions and identifies and documents resources\nsupporting critical operations such as computer hardware, computer software, computer supplies, system\ndocumentation, telecommunications, office facilities and supplies, and human resources. The draft disaster\nrecovery/business continuity plan is expected to be finalized in January 2003.\n\nWithin ESA\'s draft disaster recovery/business continuity plan, emergency processing priorities have been\ndocumented. Backup files are created on a prescribed basis and rotated off-site often enough to avoid\ndisruption if current files are lost or damaged. System and application documentation is maintained at the\noff-site storage location. 
The backup storage site is geographically removed from the primary site, and\nprotected by environmental controls and physical access controls.\n\nFire suppression and prevention devices have been installed and are working, e.g., smoke detectors, fire\nextinguishers, and sprinkler systems. Controls have been implemented to mitigate other disasters, such as\nfloods, earthquakes, etc. Redundancy exists in the air cooling system. An uninterruptible power supply\nor backup generator has been provided so that power will be adequate for orderly shut down.\n\nEnvironmental controls are periodically tested. Eating, drinking, and other behavior that may damage\ncomputer equipment is prohibited.\n\nAll data center employees have received training and understand their emergency roles and responsibilities.\nData center staff receive periodic training in emergency fire, water, and alarm incident procedures.\nEmergency response procedures are documented and periodically tested.\n\nPolicies and procedures exist and are up-to-date. Routine periodic hardware preventive maintenance is\nscheduled and performed in accordance with vendor specifications and in a manner that minimizes the\nimpact on operations. Regular and unscheduled maintenance performed is documented. Flexibility exists\nin the data processing operations to accommodate regular and a reasonable amount of unscheduled\nmaintenance. Spare or backup hardware is used to provide a high level of system availability for critical\nand sensitive applications. Goals are established by senior management on the availability of data\nprocessing and on-line services. 
Records are maintained on the actual performance in meeting service\nschedules.\n\nProblems and delays encountered, the reason, and the elapsed time for resolution are recorded and analyzed\nto identify recurring patterns or trends. Senior management periodically reviews and compares the service\nperformance achieved with the goals and surveys user departments to see if their needs are being met.\nChanges of hardware equipment and related software are scheduled to minimize the impact on operations\nand users, thus allowing for adequate testing. Advance notification on hardware changes is given to users\nso that service is not unexpectedly interrupted.\n\nA contingency plan has been drafted that reflects current conditions, will be approved by key affected\ngroups including senior management, data center management, and program managers, clearly assigns\nresponsibilities for recovery, includes detailed instructions for restoring operations (both operating system\nand critical applications), identifies the alternate processing facility and the backup storage facility, includes\nprocedures to follow when the data/service center is unable to receive or transmit data, identifies critical\ndata files, is detailed enough to be understood by all agency managers, includes computer and\ntelecommunications hardware compatible with the agency\'s needs, and has been distributed to all\nappropriate personnel.\n\nThe plan provides for backup personnel so that it can be implemented independent of specific individuals.\nUser departments have developed adequate manual/peripheral processing procedures for use until\noperations are restored.\n\nContracts or interagency agreements have been established for a backup data center and other 
needed\nfacilities that: are in a state of readiness commensurate with the risks of interrupted operations, have\nsufficient processing capacity, and are likely to be available for use. Alternate telecommunication services\nhave been arranged. Arrangements are planned for travel and lodging of necessary personnel, if needed.\n\n\n                      Tests of Described Policies and Procedures                                   Results of Tests\n\n Reviewed related policies. Interviewed program, data processing, and security              A draft disaster recovery/\n administration officials. Determined their input and their assessment of the               business continuity plan for\n reasonableness of priorities established.                                                  ESA does exist and is\n                                                                                            scheduled for completion in\n                                                                                            January 2003.\n\n Reviewed written policies and procedures for backing up files, test policies,              No exceptions were noted.\n documentation supporting recent tests of environmental controls, policies and\n procedures regarding employee behavior, training records, training course\n documentation, emergency response procedures, and maintenance documentation.\n\n Compared inventory records with the files maintained off-site, and determined the          No exceptions were noted.\n age of these files. For a selection of critical files, located and examined the backup\n files. Determined whether backup files were created and rotated off-site as\n prescribed, and were sent before prior versions were returned.\n\n Examined the back-up storage site and the entity\'s facilities. Interviewed data            No exceptions were noted.\n center staff and management, site managers, senior management, data processing\n management, and user management. 
Observed employee behavior and that\n operations staff were aware of the locations of fire alarms, fire extinguishers, regular\n and auxiliary electrical power switches, breathing apparatus, and other devices that\n they may be expected to be used in an emergency. Determined whether the\n activation of heat and smoke detectors will notify the fire department.\n\n Reviewed the contingency plan and compare its provisions with the most recent risk         A draft disaster recovery/\n assessment and with a current description of automated operations.                         business continuity plan for\n Observed copies of the contingency plan held off-site. Interviewed senior                  ESA does exist but a complete\n management, data center management, and program managers.                                  inventory listing of items for\n                                                                                            operations is not included in\n                                                                                            the disaster recovery/business\n                                                                                            continuity plan.\n\n Reviewed policies on testing, test results, final test reports and documentation           A draft disaster recovery/\n supporting contingency plan adjustments. Observed a disaster recovery test.                business continuity plan for\n Interviewed senior managers to determine if they were aware of the test results.           
ESA does exist but a complete\n                                                                                            inventory listing of items for\n                                                                                            operations is not included in\n                                                                                            the disaster recovery/business\n                                                                                            continuity plan.\n\n                                  SECTION IIIC\n                   INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                        TRANSACTION PROCESSING CONTROLS\n\nTransaction processing controls for compensation and medical benefit payments were tested in the\nfollowing areas:\n\n          Case Creation\n          Initial Eligibility\n          File Maintenance\n          Continuing Eligibility (Medical evidence and earnings information)\n          Accuracy of Compensation Payments\n          Schedule Awards\n          Death Benefits\n          Medical Bill Payment Processing\n          Third Party Settlements\n          Accounts Receivable\n\nControl Objective 1: Case Creation - Control policies and procedures provide reasonable assurance that\ncase files were initially set up properly and information related to the claimant was input into the computer\nsystems correctly.\n\nDescription of Policies and Procedures:\n\nThe FECA Procedure Manual 2-401(3) and (4) contains the requirements for proper set up of the case file\nand input into the appropriate computer systems.\n\nThe manual assigns the duties of keeping the case management file data accurate and up-to-date to the CE.\nThe case management file is set up by a Case Create Clerk and from this set up, a Form CA-800 is\ngenerated. Form CA-800 is a case summary sheet. 
Accurate data in the CMF is essential to ensure that\nthe information used to set up the ACPS is correct. Once the ACPS is set up for each claimant, all vital\ndata must be updated in both the CMF and ACPS. This data includes such items as the claimant\'s name,\naddress, date of birth, social security number and chargeback code. The CE verifies the accuracy of the\ninformation entered by the Case Create Clerk by comparing Form CA-1, CA-2 or CA-5 completed by the\nclaimant to Form CA-800 that was generated by the system.\n\nThe employing agency is charged with the responsibility of providing the chargeback code on the CA-1,\nCA-2, or CA-5. If the employing agency does not designate a chargeback code, the case creation clerk\ndetermines which chargeback code should be applied. Once the case file is created, a postcard is sent to\nthe employing agency to confirm the chargeback code. A negative confirmation process is used.\n\n Tests of Described Policies and Procedures:                                 Results of Tests:\n\n For a non-statistical sample of 50 initial eligibility items, we compared   No exceptions were noted.\n case originating forms, such as Forms CA-1, CA-2 and CA-5, to the\n information contained in the CMF and ACPS to ensure that the case\n origination process resulted in the proper setup of the case files (to\n include agency chargeback codes) and related computer systems with\n current and accurate information.\n\n\n\nControl Objective 2: Initial Eligibility - Control policies and procedures provide reasonable assurance\nthat each participant met the requirements of 1) time; 2) civil employee; 3) fact of injury; 4) performance\nof duty; and 5) causal relationship prior to acceptance as an eligible 
participant.\n\nDescription of Policies and Procedures:\n\nAn injured worker must satisfy five basic criteria to be eligible for compensation benefits. These\ncriteria are: 1) time; 2) civil employee; 3) fact of injury; 4) performance of duty; and 5) causal relationship.\n\n1) Time - The FECA Procedure Manual 2-801(3) contains the requirements for the filing of notice of injury\nor occupational disease. A timely notice of injury must be filed for a claimant to be eligible for\ncompensation payments. The time period filing requirements are specified in 5 U.S.C. 8119. For injuries\non or after September 30, 1974, written notice of injury must be filed within 30 days after the occurrence\nof the injury. For injuries occurring between December 7, 1940 and September 6, 1974, written notice\nof the injury should be given within 48 hours. The FECA Procedure Manual 2-801(3) also contains the\nrequirements for filing a compensation claim. A timely compensation claim must be filed for a claimant to\nbe eligible for compensation payments. The time period filing requirements are specified in 5 U.S.C. 8122.\nFor injuries on or after September 30, 1974, compensation claims must be filed within 3 years after the\noccurrence of the injury. For injuries occurring between December 7, 1940 and September 6, 1974,\ncompensation claims must be filed within 1 year. A few exceptions to these requirements are allowed.\n\n2) Civil Employee - The FECA Procedure Manual 2-802(2) and (4) contain the requirements for\ndetermining whether an individual meets the second of the five requirements for benefits, being a civil\nemployee. The definition of a civil employee is in 5 U.S.C. 8101(1). 
Basically, status as a civil employee\nis met when: a) the service performed for the reporting office by the individual was of a character usually\nperformed by an employee as distinguished from an independent contractor; and b) that a contract of\nemployment was entered into prior to the injury.\n\n3) Fact of Injury - The FECA Procedure Manual 2-803(3)(a) contains the requirements for the "fact of\ninjury." The fact of injury consists of two components which must be considered in conjunction with each\nother. First is whether the employee actually experienced the accident, event or other employment factor\nwhich is alleged to have occurred; and, second is whether such accident, untoward event or employment\nfactor caused a personal injury.\n\nThe FECA Procedure Manual 2-803(5) contains the requirements for the evidence necessary to establish\nthe occurrence of an unwitnessed accident. In establishing the fact of injury for an unwitnessed accident,\nOWCP should consider the surrounding circumstances. The CE must be able to visualize the accident and\nrelate the effects of the accident to the injuries sustained by the injured worker, especially where the\nclaimant delayed seeking medical evidence.\n\n4) Performance of Duty - The FECA Procedure Manual 2-804 contains the requirements for the\nperformance of duty criterion. The performance of duty criterion is considered after the questions of\n"time," "civil employee," and "fact of injury" have been established. Even though an employee may have\nbeen at a fixed place of employment at the time of injury, the injury may not have occurred in the\nperformance of duty. The employee is generally not covered for travel to and from work. There are five\nexceptions to this rule. 
Statutory exclusions exist under which claims for compensation should be denied\ndue to the willful misconduct of the employee. These claims are denied even though the injured worker\nhas met the fact of injury and performance of duty requirements.\n\n5) Causal Relationship - The FECA Procedure Manual 2-805(2) contains the requirements for obtaining\nmedical evidence necessary to establish a causal relationship between the injury and employment factors.\nAn injury or disease may be related to employment factors in any of four ways: a) Direct Causation; b)\nAggravation; c) Acceleration; or d) Precipitation.\n\nThe FECA Procedure Manual 2-807(17)(d)(2) contains the requirements for the 3-day waiting period\nwhich is required by 5 U.S.C. 8117. An employee is not entitled to compensation for the first 3 days of\ntemporary disability, except when: a) the disability exceeds 14 days; b) the disability is followed by\npermanent disability; or c) claimant is undergoing medical services or vocational rehabilitation during the\n3-day period.\n\nThe CEs are required to evaluate the injury reports and supporting medical evidence submitted by\nclaimants. The injury reports and medical evidence must support that the claimant has met the burden of\nproof with regards to the five criteria to establish initial eligibility. If the claimant has not submitted\ndocumentation which fully supports the eligibility of the claimant, it is the claims examiner\'s responsibility\nto request such further information as the CE deems necessary. Once a CE concludes that a claimant is\neither eligible or not eligible for benefits under the FECA program, the CE notates the decision on the Form\nCA-800 in the case file and updates the eligibility code in the CMF system. Claimants are notified of the\nCE\'s decision with regards to eligibility. 
If the claimant disagrees with the CE\'s decision concerning\neligibility, the claimant may request a hearing for resolution.\n\n Tests of Described Policies and Procedures:                                   Results of Tests:\n\n For a non-statistical sample of 50 initial eligibility transactions, we       No exceptions were noted.\n reviewed the case file to determine whether the notice of injury was\n filed timely, whether the claimant was a civil employee, whether\n sufficient evidence was provided to prove the injury occurred as\n reported, whether sufficient evidence was provided to prove the\n employee was in performance of their duties at the time of injury,\n whether sufficient evidence was provided to prove the injury was\n causally related to employment factors, and whether the CE accepted\n the condition and indicated approval of the accepted condition in the\n case file.\n\n\n\nControl Objective 3: File Maintenance - Control policies and procedures provide reasonable assurance\nthat claimant\'s address and social security number were correct in the ACPS and the chargeback code was\ncorrect in the CMF.\n\nDescription of Policies and Procedures:\n\nThe FECA Procedure Manual 5-308(5) contains the requirements for updating the ACPS when corrections\nare necessary to the claimant\'s address, social security number and chargeback code. When a report of\ninjury is first received, a record is created in the CMF. When a request is made for compensation for lost\nwages, a schedule award or for death benefits, a complete case record is then created in the ACPS. 
The\ninformation transferred to the ACPS for the address, social security number and chargeback code is the\ninformation in the CMF at the time the record is created. If any of the information changes, both the ACPS\nand the CMF must be updated with the new information.\n\n\n Tests of Described Policies and Procedures:                                   Results of Tests:\n\n For a total of 162 cases, from a sample of 112 statistically selected         In 2 of 50 non-statistical items sampled,\n internal control compensation transactions and 50 non-statistically           the claimant\'s social security numbers\n selected initial eligibility transactions, we reviewed documentation in       were incorrect in the CMF. No exceptions\n the case files to ensure that the social security number, date of birth and   were noted in the statistical sample. No\n the address were accurate in the ACPS and CMF.                                other exceptions were noted.\n\n For a total of 162 cases, from a sample of 112 statistically selected         No exceptions were noted.\n internal control compensation transactions and 50 non-statistically\n selected initial eligibility cases, we reviewed documentation in the case\n files to ensure that the chargeback code was accurate in the CMF.\n\n\n\nControl Objective 4: Continuing Eligibility (Medical Evidence) - Control policies and procedures\nprovide reasonable assurance that claimants submitted medical evidence to support continuing eligibility\nfor compensation and medical benefits.\n\nDescription of Policies and Procedures:\n\nThe FECA Procedure Manual 2-812(6) contains the requirements for the periodic review of medical\nevidence to verify continuing disability. 
The frequency of the medical review required depends on the type\nof compensation the claimant is receiving. Some claimants are required to submit medical evidence\nannually and others every 2 or 3 years.\n\n Tests of Described Policies and Procedures:                                Results of Tests:\n\n For a total of 132 cases, from a sample of 82 statistically selected       In 2 of the 82 statistically selected items\n compensation transactions and 50 non-statistically selected current        and in 13 of 50 non-statistically selected\n medical transactions, we reviewed medical evidence in case files to        items sampled, current medical evidence\n ensure that the current medical evidence supported the disability status   was not located within the case file.\n for the compensation being received.\n\n\n\nControl Objective 5: Continuing Eligibility (Earnings Information) - Control policies and procedures\nprovide reasonable assurance that claimants submitted earnings information and authorization to obtain\nearnings information from Social Security to support continuing eligibility for compensation and medical\nbenefits.\n\nDescription of Policies and Procedures:\n\nOWCP mails each claimant a Form CA-1032 each year. The Form CA-1032 asks the claimants to verify\nthe status of their dependents and report any and all earnings by the claimants. The information reported\nby the claimant on Form CA-1032 is to be reviewed by a CE and the compensation rate or amount adjusted\naccordingly.\n\nThe FECA Procedure Manual 2-812(6) contains the requirements for the frequency with which claimants\nmust complete Form CA-1032. The FECA Procedure Manual 2-812(10) contains the requirements for\nchanging the ACPS system when benefit changes are indicated by the claimant on the Form CA-1032. 
The\nACPS system must be changed to reflect the information provided by the claimant to ensure that benefits\nare being paid at the proper compensation rate and amount.\n\nThe FECA Procedure Manual 2-812(9) and (10) contain the requirements for obtaining a claimant\'s\nearnings report from the SSA. Earnings are requested from the SSA on Form CA-1036 to determine\nwhether an adjustment is needed to a claimant\'s compensation rates. A claimant\'s compensation rate can\nbe adjusted based on the information supplied by the SSA in response to Form CA-1036. The ACPS\nsystem must be changed to reflect the information updated by the SSA to ensure that benefits are being\npaid at the proper compensation rate.\n\nA statistical sample of 97 claimants, from 82 lost wages claimants and 15 schedule award claimants, was\ntested for continuing eligibility controls; however, some specific tests did not apply to all claimants due to\nthe length of time of the claimant\'s injury, the date of the claim for benefits, or the claimant\'s case status.\nTherefore, the number of tests indicated below is the number of items to which tests were actually applied.\n\n Tests of Described Policies and Procedures:                                Results of Tests:\n\n From a statistical sample of 97 compensation claimants, (82 lost wage      In 2 of 84 items sampled, CA-1032s had\n cases and 15 schedule award cases), 84 cases required current eligibility  not been obtained from the claimants to\n verification due to the age of the case. We reviewed the case file to      verify earnings and dependent information\n determine whether a CA-1032 had been requested within the past year        within the last year. 
No other exceptions\n to verify earnings and dependent information.                              were noted.\n\n From a statistical sample of 82 lost wage claimants, 66 cases required      In 2 of 66 items sampled, a release for\n current earnings information due to the age of the case. We reviewed       authorization to obtain earnings\n the case file to determine whether a CA-1036 and CA-936 had been           information from SSA was not sent to the\n released to the claimant to obtain earnings information from SSA in the    claimants. No other exceptions were noted.\n past three years.\n\n For a statistical sample of 82 continuing eligibility claimants, we        No exceptions were noted.\n reviewed the case file to determine whether the Senior Claims Examiner\n (SCE) had requested claims information from SSA, if required.\n\n From a statistical sample of 97 compensation claimants, (82 lost wage      No exceptions were noted.\n cases and 15 schedule award cases), we reviewed the case file to\n determine whether the case was referred to appropriate official if the\n claimant refused to return the CA-1032 or release earnings information.\n\n\nControl Objective 6: Accuracy of Compensation Payments - Control policies and procedures provide\nreasonable assurance that components of compensation payments including the correct compensation\npercentage, pay rate, number of hours paid, verification of leave without pay status, absence of dual\ncompensation, proper deduction of Health Benefit Insurance (HBI) and Optional Life Insurance (OLI),\nand proper reimbursement of burial bills.\n\nDescription of Policies and Procedures:\n\nThe FECA Procedure Manual 2-900 contains the requirements for the computation of compensation where\nthe injury occurred after September 12, 1960. The Branch of Claims Services is responsible for the\ncomputation of compensation payments. 
The CE is responsible for determining the several factors used\nin computing compensation.\n\nThe FECA Procedure Manual 2-901 contains the requirements to periodically adjust compensation\npayments to reflect the increase in the cost of living. CPI adjustments are automatically calculated by the\nACPS.\n\nTests of Described Policies and Procedures:                                Results of Tests:\n\nFor a total of 321 cases, from a statistical sample of 177 compensation    In 16 of 177 statistically selected sample\ncases and non-statistical samples totaling 144 cases (50 initial           items, claimants were overpaid a net of\neligibility cases, 75 multiple claim cases and 19 gross override cases),   $117,398 (of which 3 items totaling a net\nwe reviewed documentation in the case files to ensure that the             overpayment of $121,476 were in the high\ncomponents comprising compensation benefits were determined                dollar strata which was tested at 100%). In\ncorrectly.                                                                 26 of 144 non-statistically selected sample\n                                                                           items, claimants were overpaid a net\n                                                                           overpayment of $11,675. 
Claimants were\n                                                                           overpaid a net of $129,073.\n\n                                                                           The net overpayment resulted from the use\n                                                                           of incorrect:\n                                                                           18 Payrates                      $66,873\n                                                                           8 Compensation periods            14,909\n                                                                           5 Compensation percentages         1,193\n                                                                           9 HBI/OLI withholdings               681\n                                                                           1 Effective payrate date            (211)\n                                                                           1 Benefits paid after remarriage 45,628\n                                                                              Net Overpayment              $129,073\n\nFor a total of 162 cases, from a statistical sample of 112 compensation    No exceptions were noted.\ncases and 50 initial eligibility cases, we reviewed those transactions\nwhereby a single payment was in excess of $50,000 to ensure the\npayment was authorized by a senior official at a GS-13 or higher.\n\nFor a non-statistical sample of 75 multiple claim cases, we reviewed the   In 3 of 75 multiple claims cases tested, the\nappropriateness of the receipt of compensation for more than one injury    claimants were paid unallowable\nfor the same period of time (multiple claims cases). This concurrent       overlapping compensation for a net\npayment of benefits is allowable up to certain amounts and in certain      overpayment amount of $13,651. No other\ninstances.                                                                 
exceptions were noted.\n\nFor a statistical sample of 25 schedule award transactions and a non-      In 1 of 25 schedule award cases tested, a\nstatistical sample of 19 gross override transactions, we reviewed the      manual calculation of an award did not\nappropriateness of overriding the ACPS calculated compensation             correctly apply the CPI increase resulting\namount with a different gross compensation amount (gross override          in an underpayment of $22,881. In 2 of\ncases). A manual override is required in instances such as when a          19 gross override cases tested, the CPI was\nclaimant\'s compensation must be paid to several individuals.               applied late and the claimants were\n                                                                           underpaid a net amount of $403. No other\n                                                                           exceptions were noted.\n\n We reviewed the "compensation calculation program" data that was         No exceptions were noted.\n updated in the mainframe computer system from June 1, 2000 through\n April 30, 2001, to ensure that:\n\n <         The mainframe\'s "compensation calculation program" was\n           correctly using the information entered into the ACPS by the\n           CEs and accurately calculating compensation benefit\n           payments to the claimants.\n\n <         The mainframe\'s "compensation calculation program" was\n           correctly updated with the current CPI data and accurately\n           calculated the CPI increase to the claimant\'s compensation\n           benefit payments.\n\n\nControl Objective 7: Schedule Awards - Control policies and procedures provide reasonable assurance\nthat 
claimants had reached maximum medical improvement prior to receipt of a schedule award, medical\nevidence was obtained, and medical evidence stated the percentage of impairment.\n\nDescription of Policies and Procedures:\n\nThe FECA Procedure Manual 2-808(6) contains the requirements for supporting a schedule award. The\nfile must contain competent medical evidence which: 1) shows that the impairment has reached a\npermanent and fixed state and indicates the date on which this occurred; 2) describes the impairment in\nsufficient detail for the CE to visualize the character and degree of disability; and 3) gives a percentage\nevaluation of the impairment. DMAs calculate the percentage of impairment for the schedule award.\n\n Tests of Described Policies and Procedures:                              Results of Tests:\n\n From the statistical sample of 177 compensation items, 25 items were     No exceptions were noted.\n for schedule awards, we reviewed documentation in the case files to\n ensure that claimants receiving compensation for schedule awards had\n medical evidence in the case files that supported their impairment or\n disability.\n\n\n\nControl Objective 8: Death Benefits - Control policies and procedures provide reasonable assurance that\nproper notification of death was made; if the DMA requested an autopsy, if needed; if a death certificate\nwas obtained; if burial bills were obtained; and if dependent information for death benefits was verified.\n\nDescription of Policies and Procedures:\n\nThe FECA Procedure Manual 2-700(5) contains the requirements for proper and supporting documentation\nfor the establishment of death claims and rights of the beneficiary. 
Some of the documents that claimants\nmust submit are: 1) death certificates; 2) names and addresses of next of kin; 3) marriage certificates (civil\ncertificates); 4) birth certificates for each child; 5) divorce, dissolution, or death certificates for prior\nmarriages; and 6) itemized burial bills, receipted, if paid.\n\n Tests of Described Policies and Procedures:                                 Results of Tests:\n\n From the statistical sample of 177 compensation items, 15 items were        In 1 of 15 items sampled, a current CA-12\n for death benefits, we reviewed documentation in the case files to ensure   had not been obtained from the\n that the beneficiaries receiving compensation for death benefits had        beneficiaries to verify earnings and\n documentation in the case files that established their right as the         dependent information within the last year.\n beneficiaries.\n\nControl Objective 9: Medical Bill Payment Processing - Control policies and procedures provide\nreasonable assurance that medical bill payments were properly authorized, approved, input, and reviewed,\nas required.\n\nDescription of Policies and Procedures:\n\nThe FECA Procedure Manual Part 5 provides detailed instructions for use of the BPS:\n\n<          Section 200 provides an overview of the system, describes the flow of bills through the office,\n           outlines authorities and responsibilities, describes sources of information to be used in bill\n           adjudication, and outlines procedures for some functions which support the BPS.\n\n<          Section 201 describes keying instructions for the various BPS programs that are available to\n           general users, such as CEs, fiscal personnel, keyers and contact 
representatives.\n\n<          Section 202 describes the different BPS jobs which must be run and how to run them. These\n           activities are generally carried out by the Systems Manager or operator.\n\n<          Section 203 describes the coding schemes used by the BPS.\n\n<          Section 204 describes the general rules which underlie bill adjudication.\n\n<          Section 205 describes how suspended bills should be resolved.\n\n<          Section 206 describes how informal appeals of Explanation of Benefits denial letters and formal\n           appeals of fee schedule determinations should be processed.\n\n<          Section 207 describes the various BPS reports available, their uses, and how to run them.\n\n<          Section 208 describes other activities related to the BPS which are not addressed elsewhere,\n           such as tracers, audits, controls and supervisory/management review.\n\nTests of Described Policies and Procedures:                                  Results of Tests:\n\nFor a total of 242 medical bill payments, from a statistical sample of       In 7 of 182 statistically selected medical\n182 medical bill payments and non-statistical samples of 60 medical bill     bills tested, medical providers were\npayments, (50 provider type and 10 potential duplicate payments), we         overpaid a net of $181,576 (of which 3\nreviewed medical bills paid to ensure that bills were correctly entered      payments totaling $181,411 were in the\ninto the BPS; bills contained all information for proper adjudication;       high dollar strata which was tested at\namounts were not paid in excess of district established limits without       100%). 
In 7 of 60 non-statistically selected\nproper approval by authorized personnel; discounts were taken, if            sample items, medical providers were\noffered; and hospital bills were for services which were considered          overpaid a net of $55,230. Medical\nproper charges against the Special Benefit Fund.                             providers were overpaid a net of $236,807.\n\n                                                                             The net overpayment resulted from the use\n                                                                             of incorrect:\n                                                                             1 fee schedule maximum exceeded $       19\n                                                                             1 Convenience item paid                213\n                                                                             5 keying errors                     16,311\n                                                                             4 Bypass codes used incorrectly    186,454\n                                                                             1 Medical paid when case was\n                                                                                not yet accepted                 33,465\n                                                                             1 Bills keyed same day not edited      300\n                                                                             1 Chiropractor paid when not\n                                                                                 for specified injury                45\n                                                                                 Net Overpayment               $236,807\n\nFor a statistical sample of 82 internal control medical bill transactions,   No exceptions were 
noted.\nwe reviewed case files to ensure that a medical report was submitted for\nthe services provided, surgery or equipment was approved prior to\npayment of a medical bill, when required, and that the medical services\nrendered related to the accepted condition.\n\nFor a statistical sample of 82 medical bill transactions, we reviewed        No exceptions were noted.\nbills which were subject to the Prompt Payment Act to ensure the bills\nwere paid within 30 days or interest was paid if the bill was paid within\n45 days.\n\nWe reviewed the guidelines established by the Health Care Financing          No exceptions were noted.\nAdministration and the American Medical Association and the medical\nfee schedule data that was updated in the mainframe computer system\nfrom June 1, 2000 through April 30, 2001, to ensure that the\nmainframe\'s "medical fee schedule calculation program" was correctly\nupdated with the current fee schedule data and accurately calculating\nthe amounts due to medical providers.\n\nControl Objective 10: Third Party Settlements - Control policies and procedures provide reasonable assurance that\nthird party settlements are identified, tracked, and collected.\n\nDescription of Policies and Procedures:\n\nThe FECA Procedure Manual 2-1100 outlines the procedures for processing third party cases:\n\n<              Sections (2) and (3) define authorities and responsibilities involved with third party cases.\n\n<              Section (4) describes the letters, forms and status codes used to process and track the progress of third\n               party cases.\n\n<              Section (5) defines a minor injury.\n\n<              Section (7) provides instructions for third party case development 
by key personnel, such as CEs and\n               DCE\'s.\n\n<              Section (8) provides instructions to close out third party cases that are not economical to pursue or that\n               would not be successful with further efforts.\n\n<              Section (9) lists certain third party cases that are not to be closed by the DCE and should be sent to the\n               appropriate SOL.\n\n<              Section (10) provides instructions for handling settlement cases where the injury is "minor" and the\n               claimant is negotiating or has made a settlement without the benefit of an attorney.\n\n<              Section (11) provides instructions for the referral of third party cases to the SOL.\n\n<              Section (13) provides instructions for when a settlement has been made or is imminent in third party cases\n               referred to the SOL.\n\n    Tests of Described Policies and Procedures:                                  Results of Tests:\n\n    From the non-statistical sample of 35 items third party cases and 50         In 6 of 85 third party cases, the case status\n    initial eligibility cases, we determined whether the third party indicator   codes were incorrectly reported in the\n    contained in the NCMF was accurate.                                          CMF. For 3 cases, the case files had status\n                                                                                 codes which indicated a third party\n                                                                                 potential when the third party aspect of the\n                                                                                 case file had been closed or was not\n                                                                                 present. For 3 cases, the case files had\n                                                                                 incorrect active status codes. 
District\n                                                                                 offices could erroneously make or deny\n                                                                                 payments to claimants if unabsorbed third\n                                                                                 party credits exist or are improperly\n                                                                                 indicated and the correct compensation\n                                                                                 payments are not made. No other\n                                                                                 exceptions were noted.\n\nTests of Described Policies and Procedures:                                 Results of Tests:\n\nFrom the non-statistical sample of 35 items third party cases, we           In 1 of 35 third party cases, CA-1045s\ndetermined whether the Letter CA-1045, which requests information           were not issued to the claimants or, if no\nfrom the claimant regarding the action taken against a third party by the   response was received from the claimants\nclaimant, including the hiring of an attorney, was released to the          to the first request, second request CA-\nclaimant, when necessary, and the proper follow-up actions were             1045s were not timely issued to the\nconducted when the claimant did not reply within 30 days.                   claimants. 
No other exceptions were noted.\n\nFrom the non-statistical sample of 35 items third party cases, we           No exceptions were noted.\ndetermined whether third party cases were properly referred to a DCE.\n\nFrom the non-statistical sample of 35 items third party cases, we           No exceptions were noted.\ndetermined whether the appropriate forms were released to the attorneys\nof claimants involved in a third party case.\n\nFrom the non-statistical sample of 35 items third party cases, we           In 1 of 35 third party cases, a CA-160 was\ndetermined whether the third party cases were referred to the SOL,          not issued to the solicitor\'s office. For 1 of\nwhen required and the appropriate actions were taken to track, monitor      the 35 third party cases, the case file\nand resolve third party cases through the SOL.                              indicated that the case had been referred to\n                                                                            the solicitor but it had not been referred to\n                                                                            the SOL. 
No other exceptions were noted.\n\nFrom the non-statistical sample of 35 items third party cases, we           No exceptions were noted.\ndetermined whether when completed Form CA-162s (Statement of\nRecovery) from the SOL were received (or recovery statements from a\nclaimant), the Summary of Disbursements, Form CA-164s, were\nproperly prepared and forwarded to the fiscal section for completion.\n\nFrom the non-statistical sample of 35 items third party cases, we           No exceptions were noted.\ndetermined whether the fiscal section properly established account\nreceivables and maintained accounting records when third party\nsurpluses were created.\n\nFrom the non-statistical sample of 35 items third party cases, we           No exceptions were noted.\ndetermined whether claimants were notified when the third party\nsettlement was in excess of the prior compensation suspended via a\nLetter CA-1044 and claimants were notified when the third party\nsettlement was not in excess of the prior compensation suspended via a\nLetter CA-1120.\n'